Security audit

本月轻松旅行盲盒

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-planning skill, but it can install an unpinned global FlyAI CLI and even suggests sudo, so users should review it before installing.

Install only if you are comfortable with FlyAI receiving city-level travel details and with managing the FlyAI CLI yourself. Prefer a pinned, manually installed CLI and do not allow sudo/global npm installation from the skill unless you fully trust the package source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The skill is a travel recommendation assistant, but it instructs the host to globally install a third-party CLI with npm. That introduces unnecessary supply-chain and host-modification risk unrelated to the core task, and could lead to arbitrary code execution during package installation if the package or its dependencies are compromised.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The documented behavior goes beyond reading data and generating travel suggestions by changing the host environment via global software installation. For an agent skill, that is dangerous because a user asking for travel ideas would not reasonably expect system modification, and such behavior expands the blast radius from content generation to code execution on the machine.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill not only suggests global installation but also presents sudo-based escalation as a troubleshooting path without a clear consent boundary or warning about system-wide effects. That can normalize privilege escalation in response to a benign travel request and materially increases the chance of harmful host modification or package-install compromise.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (package.json fragment as shown by the scanner):
  "author": "wuyun",
  "license": "MIT",
  "dependencies": {
    "@fly-ai/flyai-cli": "latest"
  }
}
Confidence: 94%
Finding:
"@fly-ai/flyai-cli": "latest"

VirusTotal

53/53 vendors flagged this skill as clean.