ClawHub

Navifare - Flight Price Double-Check, Finds Hidden Deals

Security checks across malware telemetry and agentic risk

Overview

This is a coherent flight-price comparison skill that discloses its remote Navifare use and limits data to itinerary details, though users should be careful with screenshots and the optional API key setup.

Install only if you are comfortable sharing flight itinerary details with Navifare for price comparison. Redact screenshots before upload, especially names, booking references, loyalty numbers, passport information, and payment details. If using the optional local npm setup, protect the Gemini API key and review the package source or pin a trusted version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The installation guide directs users to connect to a hosted MCP endpoint but does not clearly warn that flight details and related user-provided travel data will be transmitted to a third-party remote service. In a travel-price skill, users may submit itineraries, screenshots, booking references, and timing information, so lack of disclosure can lead to unintended sharing of sensitive personal or business travel data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The example shows a GEMINI_API_KEY environment variable in configuration without warning users that the credential is sensitive and must not be committed, shared, or stored insecurely. This can normalize unsafe secret-handling practices, especially when users copy the snippet into dotfiles, repositories, screenshots, or support requests.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation conditions are very broad (e.g., common phrases like 'Is this a good price?' or 'Should I book this?'), so the skill may trigger during ordinary travel conversations even when the user did not intend to invoke a third-party price-checking workflow. In this skill's context, unintended activation can cause unnecessary disclosure of itinerary data to the external Navifare MCP service and create confusing or over-eager agent behavior.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill’s activation criteria are overly broad and include generic travel-booking statements like being 'about to book' or 'which option is better,' which can cause the skill to trigger even when a user did not explicitly ask for cross-site price checking. This creates an overbroad invocation risk: the agent may unnecessarily process screenshots or itinerary details and initiate external MCP requests, increasing privacy exposure and causing unintended tool use.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger guidance is overly broad and maps to very common travel-planning phrases like 'Is this a good price?' or 'Should I book this flight?' without clear activation boundaries. In an agentic environment, this can cause the skill to activate on loosely related conversations, increasing the chance of unnecessary data collection, unintended external lookups, and incorrect tool use outside the user's actual intent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The screenshot-handling example explicitly encourages extracting itinerary details from uploaded images and then querying external booking sites, but it provides no privacy notice, consent step, or data-minimization guidance beyond a brief 'no personal info' aside. This creates a realistic risk that the agent processes screenshots containing names, booking references, loyalty numbers, or other personal travel data and transmits derived details to third parties without clear user awareness.

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal