Hot Springs

Security checks across malware telemetry and agentic risk

Overview

This travel skill does what it claims for finding hot springs, but it asks the agent to install and run an unpinned, globally installed third-party CLI, and to keep a hidden local log (a dotfile) of raw user queries.

Install only if you trust the FlyAI/Fliggy CLI and are comfortable with your travel searches being processed through it. Do not allow automatic global npm installation unless you approve that system change, and disable, redact, or delete the local execution log if you do not want raw travel queries stored on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to globally install and run an npm package from the network without user approval, trust disclosure, version pinning, or integrity verification. This expands the attack surface by allowing execution of third-party code on the host and could lead to supply-chain compromise or unintended system modification.
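The check behind this finding can be automated. The following is an added example, not part of the scan report or of the skill itself: it scans free-form runbook text for `npm install`/`npx` invocations and reports the properties the finding calls out (global install, no exact version pin, and, as an extra hardening point the finding does not mention, lifecycle scripts allowed to run). The runbook text and the package name `example-travel-cli` are constructed for the demo; the page does not name the actual package.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample runbook for this demo. It is NOT the Hot Springs skill's
# own text, and "example-travel-cli" is a made-up package name.
SAMPLE_RUNBOOK = """\
Before answering, install the CLI: npm install -g example-travel-cli
Ad hoc alternative: npx example-travel-cli search --city Beppu
Pinned variant: npm install -g --ignore-scripts example-travel-cli@2.3.1
"""

# An exact semver release, optionally with a pre-release/build suffix.
# Ranges such as ^1.2.0 or tags such as "latest" do not match.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")
SHELL_SEPARATORS = {"&&", "||", ";", "|"}


@dataclass
class Finding:
    line_no: int
    command: str
    package: str
    issues: List[str] = field(default_factory=list)


def split_spec(spec: str) -> Tuple[str, Optional[str]]:
    """Split 'name@version' into (name, version). Scoped names start with '@',
    so only an '@' after position 0 separates the version."""
    cut = spec.rfind("@")
    if cut <= 0:
        return spec, None
    return spec[:cut], spec[cut + 1:]


def inspect_invocation(tokens: List[str], line_no: int) -> List[Finding]:
    """Check one npm/npx invocation (tokens up to the next shell separator)."""
    tool = tokens[0]
    if tool == "npx":
        # Tokens before the first positional are npx flags; the first
        # positional token is the package npx will fetch and execute.
        idx = next((i for i, t in enumerate(tokens[1:], 1)
                    if not t.startswith("-")), None)
        if idx is None:
            return []
        flags, specs = tokens[1:idx], [tokens[idx]]
    elif tool == "npm" and len(tokens) > 1 and tokens[1] in ("install", "i", "add"):
        flags = [t for t in tokens[2:] if t.startswith("-")]
        specs = [t for t in tokens[2:] if not t.startswith("-")]
    else:
        return []

    findings = []
    command = " ".join(tokens)
    for spec in specs:
        name, version = split_spec(spec)
        f = Finding(line_no, command, name)
        if tool == "npx":
            f.issues.append("npx fetches and executes the package at run time")
        if "-g" in flags or "--global" in flags:
            f.issues.append("global install changes the host outside the project")
        if version is None or not EXACT_VERSION.match(version):
            f.issues.append("version not pinned to an exact release")
        if tool == "npm" and "--ignore-scripts" not in flags:
            f.issues.append("lifecycle scripts may run during install (no --ignore-scripts)")
        findings.append(f)
    return findings


def scan_runbook(text: str) -> List[Finding]:
    """Find every npm/npx invocation embedded in prose instructions and check it."""
    results: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok not in ("npm", "npx"):
                continue
            end = i + 1
            while end < len(tokens) and tokens[end] not in SHELL_SEPARATORS:
                end += 1
            results.extend(inspect_invocation(tokens[i:end], line_no))
    return results


if __name__ == "__main__":
    for f in scan_runbook(SAMPLE_RUNBOOK):
        print(f"line {f.line_no}: {f.package}: {'; '.join(f.issues)}")
```

Exact pinning alone does not give integrity verification: npm only checks the tarball against the `integrity` field of a lockfile, so a pinned global install still trusts whatever the registry serves for that version. Treat the pinned variant as the minimum, not as equivalent to a lockfile-backed `npm ci`.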

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill mandates use of an external CLI/service for all answers and explicitly forbids answering without it, but provides no warning that user queries and parameters will be transmitted to a third-party service. This creates a privacy and data-handling risk, especially for location/travel data, because the user is not informed or given a chance to opt out.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The runbook explicitly records `user_query` as raw input and instructs persisting the generated execution log to a local file. In a travel skill, user queries can contain sensitive personal data such as names, dates, destinations, visa details, insurance information, or booking identifiers, so storing them without minimization, retention limits, or user notice creates a real privacy and data exposure risk.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The schema directs the agent to append execution logs containing raw user input and command history to `.flyai-execution-log.json`, creating a persistent local record of potentially sensitive interactions. Persistent logging increases the blast radius of any host compromise, misconfiguration, or unintended file access, and the travel-booking context makes this more dangerous because requests may include PII and itinerary or payment-adjacent details.
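The two log findings above share one remedy: minimization and retention. The following is an added example, not code from the scan or from the skill. It replaces the raw `user_query` with a keyed digest (so repeated queries can still be correlated for debugging without keeping their text), strips flag values out of the recorded command history, drops entries older than a retention window, and writes the result as a user-only (0600) file. The page documents only the `user_query` field, the command history and the `.flyai-execution-log.json` filename; the `ts`, `command` and `status` keys, the sample entries and the `example-travel-cli` name are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed sample entries. The real .flyai-execution-log.json schema is not
# published on this page; only the raw `user_query` field and the presence of
# command history are documented, so the other keys are assumptions.
SAMPLE_LOG: List[Dict] = [
    {"ts": "2024-05-01T10:00:00Z",
     "user_query": "hot springs near Beppu for the Doe family, 12-15 June",
     "command": "example-travel-cli search --city Beppu --checkin 2024-06-12",
     "status": "ok"},
    {"ts": "2024-07-20T09:30:00Z",
     "user_query": "onsen in Hakone, booking ref FAKE123",
     "command": "example-travel-cli search --city=Hakone",
     "status": "ok"},
]

# Demo values only. A real key must be stored outside the log and the skill.
DEMO_KEY = b"demo-key-keep-out-of-the-log"
DEMO_NOW = datetime(2024, 7, 21, tzinfo=timezone.utc)


def query_digest(key: bytes, query: str) -> str:
    """Keyed digest of the raw query: equal queries give equal digests, but the
    text itself is not recoverable from the log."""
    return hmac.new(key, query.encode("utf-8"), hashlib.sha256).hexdigest()


def redact_command(command: str) -> str:
    """Keep the command shape (tool, subcommand, flag names) but drop flag
    values, which is where destinations, dates and identifiers end up."""
    out: List[str] = []
    redact_next = False
    for tok in command.split():
        if redact_next and not tok.startswith("-"):
            out.append("<redacted>")          # value of the preceding flag
            redact_next = False
        elif tok.startswith("-"):
            if "=" in tok:                    # --flag=value form
                out.append(tok.split("=", 1)[0] + "=<redacted>")
                redact_next = False
            else:                             # --flag value form
                out.append(tok)
                redact_next = True
        else:
            out.append(tok)                   # tool or subcommand name
            redact_next = False
    return " ".join(out)


def parse_ts(ts: str) -> datetime:
    # fromisoformat() accepts a "Z" suffix only on Python 3.11+; normalise it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def minimize_log(entries: List[Dict], key: bytes, now: datetime,
                 retention_days: int) -> List[Dict]:
    """Apply the retention limit, then minimise each surviving entry."""
    cutoff = now - timedelta(days=retention_days)
    kept: List[Dict] = []
    for e in entries:
        if parse_ts(e["ts"]) < cutoff:
            continue                          # retention limit: drop old entries
        m = {k: v for k, v in e.items() if k != "user_query"}
        m["user_query_hmac"] = query_digest(key, e["user_query"])
        m["command"] = redact_command(e["command"])
        kept.append(m)
    return kept


def write_private(path: str, entries: List[Dict]) -> None:
    """Write the minimised log so that only the current user can read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(entries, fh, indent=2)


if __name__ == "__main__":
    minimized = minimize_log(SAMPLE_LOG, DEMO_KEY, DEMO_NOW, retention_days=30)
    print(json.dumps(minimized, indent=2))
```

If the log exists only to help the agent avoid repeating failed commands, the digest and the redacted command are usually all it needs; if nothing reads the log at all, the simpler fix from the overview applies and the file should not be written in the first place.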

VirusTotal

0 of 62 vendors flagged this skill; all 62 reported it clean. A clean antivirus result does not speak to the findings above: the engines compare files against known malware, not what a skill instructs an agent to install, run, transmit, or log.