VariflightAviation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real VariFlight flight-information skill, but it needs review because it runs an unpinned external npm MCP package and gives that process the user's full environment.

Install only if you are comfortable with a travel skill that contacts VariFlight and runs an external npm MCP package. Use a dedicated API key, avoid running it in a shell that contains unrelated tokens or cloud credentials, and prefer a version-pinned or locally reviewed MCP package if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

High
Confidence: 97%
Finding:
The client launches an external package via `npx -y @variflight-ai/variflight-mcp` at runtime, which can fetch and execute code not pinned to a reviewed version. That creates a supply-chain and arbitrary code execution risk on the host, especially because the spawned process inherits the environment and receives the API key.

Missing User Warnings

Low
Confidence: 88%
Finding:
The documentation explains how to provide an API key and use remote flight-query features, but it does not clearly warn users that requests and credentials are sent to a third-party service over the network. This can lead to uninformed disclosure of travel queries or misuse of a paid API key, especially for users who assume the skill operates locally.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The manager passes the full parent process environment into the spawned `npx` process via `{ ...process.env, ...options.env }`. That exposes all inherited secrets such as API keys, cloud credentials, tokens, and proxy settings to an external package executed through `npx`, which is especially risky because the skill launches a network-capable third-party MCP server package.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The code executes external commands to resolve and run `npx`, including `execSync('which npx')` and `spawn(npxPath, ['-y', '@variflight-ai/variflight-mcp'])`. This causes code outside the repository to be located and executed, and because `npx -y` can fetch and run a package without an explicit local pin or user confirmation, it increases supply-chain and unexpected code-execution risk.

Missing User Warnings

Medium
Confidence: 94%
Finding:
This code passes the API key into a spawned external MCP tool through environment variables, effectively disclosing the credential to another process. In combination with runtime `npx`, this increases the chance that a compromised or unexpected package can capture and misuse the key without any explicit user disclosure or consent in this component.

Credential Access

High
Category: Privilege Escalation
Content:
class MCPServerManager extends EventEmitter {
  constructor(options = {}) {
    super();
    this.env = { ...process.env, ...options.env };
    this.timeout = options.timeout || 30000;
    this.process = null;
    this.isReady = false;
Confidence: 95%
Finding:
.env

Credential Access

High
Category: Privilege Escalation
Content:
class MCPServerManager extends EventEmitter {
  constructor(options = {}) {
    super();
    this.env = { ...process.env, ...options.env };
    this.timeout = options.timeout || 30000;
    this.process = null;
    this.isReady = false;
Confidence: 95%
Finding:
.env

VirusTotal

63/63 vendors flagged this skill as clean.
