Security audit

summer-vacation-flight

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is purpose-aligned, but it tells agents to install a global npm CLI and send trip details to an external travel service without clear user confirmation.

Install only if you are comfortable with an agent installing a global `flyai` CLI and sending your travel searches to the external flyai/Fliggy service. Prefer asking the agent to confirm before installing packages or running searches, and avoid entering sensitive travel details unless you trust the provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The parameter mapping section reinforces use of an undocumented `--journey-type` flag despite earlier stating that any unlisted flag 'does not exist.' In an agentic execution context, contradictory command-generation rules are dangerous because they encourage the model to override safety constraints and normalize use of undefined external tool options.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The parameter mapping section reinforces use of an undocumented `--journey-type` flag despite earlier stating that any unlisted flag 'does not exist.' In an agentic execution context, contradictory command-generation rules are dangerous because they encourage the model to override safety constraints and normalize use of undefined external tool options.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli`, which modifies the host system by installing a global package, but provides no warning, consent step, or sandboxing requirement. In agent environments, unprompted package installation expands attack surface and may introduce unreviewed code execution on the user's machine or runner.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The workflow mandates sending origin, destination, and travel dates through an external CLI-backed service without any privacy notice or consent checkpoint. Travel itinerary data can be sensitive personal information, and the skill gives no disclosure about third-party processing, logging, retention, or cross-border transmission.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding:
The skill instructs the operator to run a global npm install command, which modifies the host environment and may require elevated privileges, but it does so without any warning or consent language. In an agent-skill context, unqualified system-modifying commands are risky because they can normalize changing the user's machine state during routine task execution and may expose the system to supply-chain or misconfiguration issues.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding:
This repeated fallback again provides a global npm installation command without disclosing that it installs software system-wide. Repetition increases the chance that an agent or user will execute the command automatically, which is problematic in a travel-booking skill where system administration actions are incidental to the core function.

Vague Triggers

Severity: Medium
Confidence: 75%
Finding:
The fallback condition '0 results from above playbooks' is underspecified and can lead to automatic execution of a broader keyword search when prior routing fails. In a travel-booking skill, this increases the chance of unintended or over-broad queries, which can produce irrelevant results, mishandle user intent, or send user-supplied route data into a looser search path without explicit confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.