ancient-town-explorer

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is mostly coherent, but it automatically installs an unpinned global CLI and can store raw travel queries in a hidden local log.

Review before installing. Use it only if you are comfortable installing the flyai CLI globally and sending travel searches to that service. Prefer manually verifying and installing a pinned CLI version, and disable or delete `.flyai-execution-log.json` if you do not want raw travel queries stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The runbook explicitly logs raw user input, CLI commands, fallback actions, and persists the data to a local file, but provides no minimization, redaction, retention limit, or user notice. In a travel-booking skill, user queries can naturally contain names, passport/visa details, locations, booking preferences, and other sensitive travel data, so persistent internal logs materially increase privacy and secondary exposure risk.

Ssd 3

Medium
Confidence: 95%
Finding
The schema requires persistent logging of natural-language user queries together with internal execution details such as commands and recovery actions, which can leak sensitive content into a durable artifact. Because this skill supports bookings, visas, insurance, and itineraries, the logged text may include personal, financial, and travel-related information that could be exposed to operators, other processes, or future prompt/context reuse.

VirusTotal

65/65 vendors flagged this skill as clean.
