ClawHub

Luxury Escape

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real travel-booking helper, but it needs review because it can install a global third-party CLI and persist raw travel queries without clear user control.

Install only if you are comfortable with an agent running a global npm install for a third-party travel CLI and sending travel searches to FlyAI/Fliggy. Avoid entering passport, payment, contact, or other highly sensitive details, and check for or delete .flyai-execution-log.json if you do not want raw queries retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to install a global npm package automatically if the CLI is missing, which can modify the host environment without clear user consent. In an agent setting, this creates supply-chain and system-integrity risk because it permits unreviewed code installation and persistence on the user's machine.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The prerequisites and workflow reinforce `npm i -g @fly-ai/flyai-cli` as a mandatory step without presenting it as a privileged system change or asking for consent. This is dangerous because users may not realize the skill can alter their environment and execute third-party code pulled from the package registry.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill requires all travel queries to be handled through the `flyai` CLI and states it is powered by Fliggy, but it does not warn users that itinerary details, dates, locations, and potentially sensitive travel preferences will be transmitted to an external service. This creates a privacy and data-governance issue because users are not given informed consent before their data leaves the local agent context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly logs the raw `user_query` and states that the execution log is maintained internally, with no indication of user notice, minimization, or consent. In a travel-booking skill, user queries can contain names, passport or visa details, dates, locations, contact information, and other sensitive travel data, so retaining raw input creates unnecessary privacy and data-retention risk if logs are accessed or reused.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The runbook instructs appending execution logs to a local file, which creates persistent on-disk storage without any warning, access-control guidance, or retention limits. Persistent local logs are easily overlooked, can survive beyond the session, and may expose sensitive travel and booking-related data to other local users, backups, or forensic recovery.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal