Security checks across malware telemetry and agentic risk

Overview

This travel booking skill has a legitimate purpose, but it automatically installs a global third-party CLI and can persist raw travel queries in a hidden local log.

Review before installing. Use it only if you are comfortable with a third-party global CLI, real-time travel searches being sent to that service, and local execution logs that may contain your itinerary details. Prefer manual, non-sudo installation of the CLI and delete or disable `.flyai-execution-log.json` if it contains sensitive trip information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to install a global npm package (`npm i -g @fly-ai/flyai-cli`) as part of normal execution, causing a system modification without explicit user consent or warning. In agent contexts, this can unexpectedly alter the host environment, expand the trusted software base, and introduce supply-chain risk if the package is compromised or misused.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill mandates execution of external CLI commands using user itinerary details but provides no privacy notice or consent step before transmitting that data to a third-party service. Travel origin, destination, and dates can be sensitive, and silently sending them off-box may violate user expectations, enterprise policy, or data-handling requirements.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The runbook explicitly logs `user_query` as raw input in an internal execution record, which can capture sensitive travel data, personal identifiers, payment-related details, passport/visa information, or other confidential user content. Because the document also states the log is not shown to users and provides no notice, minimization, or retention controls, this creates a real privacy and data-handling risk rather than a harmless operational note.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The runbook instructs appending execution logs to a local file on disk, which turns transient request metadata into persistent storage without any privacy warning or safeguards. In the context of a travel-booking skill that may process itineraries, names, visa details, and other sensitive trip information, local persistence increases exposure through unauthorized access, backups, shared environments, or later reuse beyond the user's expectation.

VirusTotal

63/63 vendors flagged this skill as clean.