gap-year-travel

Security checks across malware telemetry and agentic risk

Overview

This travel-flight skill is purpose-aligned, but it needs Review because it tells agents to automatically install and run a global third-party CLI before answering users.

Install only if you are comfortable with a skill that may ask your agent to install a global npm package and run a third-party travel CLI. Prefer reviewing the CLI package first, installing it manually or in a sandbox, and confirming commands before execution. The artifact does not show credential theft, destructive actions, or automatic purchases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill explicitly says agents must never invent CLI parameters and may only use flags listed in the Parameters Table, yet the Direct Route playbook uses `--journey-type 1`, which is undocumented. This contradiction can push an agent to execute an unreviewed or unintended CLI capability, undermining the safety boundary the document claims to enforce.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs automatic global installation of `@fly-ai/flyai-cli` via `npm i -g` whenever the tool is missing, without requiring user consent or warning about system modification. This causes the agent to perform a privileged supply-chain action on the host, potentially executing post-install scripts or introducing untrusted code into the environment.

Missing User Warnings

Low
Confidence: 87%
Finding
The file instructs users to run a global npm install command that modifies their system without any warning, consent checkpoint, or mention of trust implications. While the package appears related to the skill's expected tooling, globally installing software from documentation can expose users to supply-chain risk and unnecessary system changes if copied blindly.

Missing User Warnings

Low
Confidence: 89%
Finding
This fallback section repeats a system-modifying global npm install command in a code block, which encourages copy-paste execution without context or warning. In a travel-booking skill, such installation guidance is ancillary to the core user task, so prompting global package installation is less expected and increases the chance of unsafe trust in the toolchain.

Ssd 4

Medium
Confidence: 96%
Finding
The skill normalizes a sequence of environment check, installation, and external CLI execution as mandatory before answering, effectively steering the agent into running unverified code and commands. In an agent context, this is dangerous because it conditions the system to perform host-level actions based solely on document instructions rather than an explicit trust decision.

VirusTotal

59/59 vendors flagged this skill as clean.