ClawHub

Flyclaw Bak

Security checks across malware telemetry and agentic risk

Overview

This is a coherent flight-search skill that contacts disclosed flight data services and writes limited local cache files, with no evidence of hidden exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with flight search details being sent to third-party flight data services. Treat the built-in Fliggy signing credential as a shared public integration credential, not your own secret, and avoid adding personal API keys to config.yaml unless you trust the skill and the local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises capabilities in SKILL.md but does not declare permissions despite requiring network access and local file read/write behavior (for example, airport cache/config updates). Missing permission declarations undermine least-privilege review and informed consent, making it harder for operators to understand what the skill can access before installation or execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially understates the skill's actual capabilities: it claims 'zero API' / 'zero API key' while relying on multiple external services and reportedly embedding default credentials/secrets for request signing. That mismatch can mislead users into trusting the skill more than warranted, and embedded secrets or undocumented outbound requests create supply-chain, credential exposure, and privacy risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal