Island Guide

Security checks across malware telemetry and agentic risk

Overview

This travel skill has a coherent purpose, but it should be reviewed because it can install a global third-party CLI and store raw travel queries locally without clear user consent.

Install only if you trust the flyai/Fliggy CLI and are comfortable with a global npm package being installed. Prefer manual or sandboxed installation, review the CLI separately, and disable or delete .flyai-execution-log.json if you do not want travel queries stored on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 87%
Finding
The activation criteria are broad enough to trigger on common travel-related words, which can cause the agent to invoke this skill outside its intended scope. In context, that matters because the skill then pushes mandatory CLI execution and package installation, increasing the chance of unnecessary external command use on benign user queries.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to check for and, if absent, globally install an external CLI via npm without any user-facing consent or safety warning. That creates a supply-chain and system-modification risk: an agent could change the host environment and run untrusted third-party code merely to satisfy a content request.

Missing User Warnings

Medium
Confidence: 94%
Finding
The runbook explicitly defines an internal log schema that stores `user_query` as raw input and states the log is not shown to users, with no notice or consent mechanism. In a travel/booking skill, users may provide names, locations, passport or visa details, and other sensitive trip information, so collecting and retaining raw queries creates avoidable privacy and data-handling risk.

Ssd 3

Medium
Confidence: 97%
Finding
The runbook instructs the agent to retain and persist execution logs, including raw user input, and append them to a local file when writes are available. Persisting unredacted queries increases exposure to sensitive travel and booking data through accidental disclosure, over-retention, local compromise, or later misuse by other processes or operators.

VirusTotal

59/59 vendors flagged this skill as clean.
