airport-transit-hotel

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent airport-hotel search helper, but it quietly keeps a local log of raw travel requests and command details.

Review before installing. Use it only if you are comfortable installing/running the external flyai CLI and sending travel-search details to that provider. Avoid entering sensitive personal itinerary details, and delete or disable .flyai-execution-log.json if you do not want local query history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability (Medium)
Confidence: 96%
Finding: The runbook explicitly requires storing raw user queries and every CLI command in an internal execution log, which exceeds what is necessary to find airports or hotels. In a travel-booking context, user queries may contain names, dates, locations, booking details, and other sensitive travel data, while command logs can reveal internal tooling usage and derived sensitive parameters.

Context-Inappropriate Capability (Medium)
Confidence: 97%
Finding: The persistence section instructs appending execution logs to a local file, creating durable storage of potentially sensitive request and operational data without a demonstrated business need. Persistent filesystem logging increases exposure from later compromise, accidental disclosure, multi-tenant leakage, or over-retention of travel-related personal data.

Missing User Warnings (Medium)
Confidence: 83%
Finding: The README explicitly states that the skill provides real-time travel data and booking links, which implies outbound requests to third-party services and possible transmission of user travel details. Because there is no warning about external network access, data sharing, or booking-provider interactions, users may unknowingly expose sensitive itinerary information or trigger third-party actions under the assumption that the skill is purely local.

Missing User Warnings (Medium)
Confidence: 94%
Finding: The runbook defines retention of raw user input and command history, and even marks the log as internal and not shown to users, with no notice or consent mechanism regarding storage. This creates a transparency and privacy problem, because users interacting with a travel skill would not reasonably expect hidden retention of detailed request content and internal execution traces.

Ssd 3 (Medium)
Confidence: 98%
Finding: The log template includes a raw user_query field, which directly preserves unfiltered user input. In this skill's travel context, that input can contain itinerary details, names, airports, dates, lodging preferences, and other sensitive personal or commercial information, making unnecessary retention risky.

Ssd 3 (Medium)
Confidence: 95%
Finding: Requiring logging of every CLI call and fallback action captures a detailed operational trace that may embed user-derived parameters, search terms, booking references, locations, or credentials if passed through commands. Such comprehensive trace logging is not necessary for the stated hotel/airport assistance purpose and broadens the amount of sensitive data retained.

VirusTotal

49/49 vendors flagged this skill as clean.