team-building-trip

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill appears legitimate, but it needs review because it tells the agent to install an unpinned global travel CLI automatically without explicit user approval.

Install only if you are comfortable with an agent using the flyai/Fliggy CLI for travel searches and potentially sending route/date details to that provider. Require explicit approval before any npm install, prefer a pinned or isolated installation, and use the skill only for intended flight-search workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (87% confidence)
Finding
The trigger phrase `plan a trip` is overly broad and can cause this skill to activate for many unrelated travel requests. In an agent setting, overbroad activation increases the chance that the skill will run commands, collect parameters, or install tooling when the user did not specifically request this booking workflow.

Vague Triggers

Medium (89% confidence)
Finding
The description advertises broad capabilities far beyond the documented workflow boundaries, including hotels, trains, attractions, visa info, insurance, and car rental. In a tool-using agent ecosystem, this ambiguity can cause the skill to be selected for unsupported tasks, increasing the risk of inappropriate command execution, misleading outputs, or unsafe fallback behavior.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` automatically if the CLI is missing, without warning the user that this modifies the host system. Silent installation of global packages is dangerous because it changes the environment, may require elevated privileges, and introduces supply-chain risk from external code.

Vague Triggers

Medium (87% confidence)
Finding
The trigger terms for the cheapest-option playbook include very broad words such as "cheap" and "budget", which can match user intent that is not actually asking to prioritize lowest price. In a travel-booking skill, unintended routing to a cheapest-flight workflow can produce misleading recommendations, lower-quality itineraries, or policy-noncompliant bookings if cost is overemphasized over schedule or traveler constraints.

Vague Triggers

Medium (85% confidence)
Finding
The fastest-route playbook is activated by generic terms like "fast" and "quick", which are highly ambiguous and may refer to response speed, booking speed, or a general preference rather than shortest travel time. In this skill context, that ambiguity can steer users into an unintended search mode and return suboptimal or more expensive itineraries without clearly reflecting their request.

Vague Triggers

Low (76% confidence)
Finding
The fallback condition of "0 results from above playbooks" is underspecified because it does not define evaluation order, result thresholds, or whether errors and partial matches count as zero results. This can lead to inconsistent activation of the broad-search behavior, causing unexpected queries and less predictable skill behavior, though the direct security impact is limited in this context.

VirusTotal

65/65 vendors flagged this skill as clean.