Plan Dubai Travel — Flights, Hotels, Burj Khalifa, Desert Safari, Malls & Itineraries

Security checks across malware telemetry and agentic risk

Overview

This Dubai travel skill is travel-related and not clearly malicious, but it needs review because it can install a global CLI and persist raw travel queries locally without clear user control.

Install only if you trust the FlyAI CLI and are comfortable with a global npm package being installed for travel searches. Avoid entering passport, payment, contact, or highly sensitive itinerary details unless logging is disabled or controlled, and verify booking links and prices independently before purchasing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Low
Confidence: 91%
Finding
The template branding and operational references are inconsistent with the declared skill identity and provider: the file is named for 'explore-dubai' while the metadata says 'dubai-travel', and the footer/CLI mention 'flyai' even though the skill claims to be powered by Fliggy. In a travel-booking skill, this can misdirect users to the wrong tooling or booking flow, undermine trust, and create phishing-like confusion around which service is actually handling reservations and real-time pricing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to run `npm i -g @fly-ai/flyai-cli` automatically if the CLI is missing, which modifies the host environment without prior user consent or a warning. In an agent setting, automatic global package installation increases supply-chain and system-integrity risk because it executes code from an external registry and changes the runtime outside the task's original scope.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill requires all answers to come from the `flyai` CLI but does not disclose that user-provided travel details may be transmitted to an external service. Travel searches commonly include sensitive itinerary, location, timing, and possibly identity-adjacent information, so the lack of notice and consent creates a privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The runbook explicitly logs `user_query` as raw input in an internal execution log, which can capture sensitive personal, financial, travel, or identity data entered during booking flows. Because the skill handles travel services such as flights, hotels, visa info, and insurance, retaining raw prompts without notice or minimization creates a real privacy and data leakage risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The runbook directs the agent to append execution logs to a local file, which can persist potentially sensitive request data on disk without any user warning or safeguards. Local persistent logs are easy to overlook, may have weak permissions, and can later be exposed through debugging, backups, host compromise, or accidental inclusion in artifacts.

Ssd 3

Medium
Confidence: 98%
Finding
Taken together, the schema stores raw natural-language user input and may persist the full log locally, creating a compounded data retention and disclosure risk. In this travel-booking context, user prompts may include passport details, itineraries, contact info, payment-related details, or other sensitive travel data, making the exposure more serious than in a low-sensitivity skill.

VirusTotal

66/66 vendors flagged this skill as clean.