Search Morning Flights — Early Departures, Dawn Flights, First Flight Out, AM Flight Deals

Security checks across malware telemetry and agentic risk

Overview

This is mainly a real-time morning-flight search helper, but it asks agents to make system-wide CLI installs and keep raw travel-query logs without enough user control.

Review before installing. Use it only if you trust the flyai CLI and service with your travel searches. Do not allow an agent to run global npm installs or sudo automatically; install any dependency manually from a trusted source and preferably without elevated privileges. Disable or delete .flyai-execution-log.json if you do not want travel details stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest markets broad travel capabilities such as hotel reservations, train tickets, attractions, visa info, and more, while the actual workflow only implements a morning-flight search path. This mismatch can cause incorrect routing or activation for unrelated travel requests, leading an agent to invoke the skill in contexts it cannot safely or accurately handle.

Vague Triggers

Medium
Confidence: 95%
Finding
Overly broad capability claims in the manifest increase the chance that an orchestrator activates this skill for unrelated travel intents. In an agent setting, unintended invocation can expose users to irrelevant command execution paths, bad outputs, or unsafe dependency installation prompts outside the skill's real scope.

Missing User Warnings

Medium
Confidence: 95%
Finding
The fallback recommends global package installation and escalation to `sudo npm i -g`, which can modify the host system and execute package lifecycle scripts with elevated privileges. In an agent or operator context, this encourages unsafe system changes without explicit consent, environment isolation, or package provenance checks, increasing the risk of supply-chain compromise or host damage.

Missing User Warnings

Medium
Confidence: 92%
Finding
Automatically searching for tomorrow after detecting an invalid or past date performs an action the user did not request and may produce misleading bookings or itinerary suggestions. In a travel-booking context, silent parameter substitution can lead to incorrect reservations, financial loss, and erosion of user trust, especially if downstream tools act on the modified date.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase "earliest" is very broad and can match many ordinary travel requests without clearly signaling invocation of this specific skill. In an agent setting, overly generic triggers can cause unintended tool activation, routing a user into this playbook when they meant a general question or a different booking flow, which may lead to incorrect searches or unwanted external actions.

Vague Triggers

Medium
Confidence: 89%
Finding
The phrase "arrive by 10am" is ambiguous because it describes a general travel constraint rather than a clear request to run this exact flight-search playbook. In a multi-skill or agentic environment, that ambiguity increases the chance of accidental invocation from normal conversation, producing inappropriate searches or triggering external flight tooling without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The runbook explicitly stores the raw user query and appends the full execution log to a local file, while also stating the log is internal and not shown to users. This creates a privacy and data-retention risk because travel queries can contain personal or sensitive information, and the skill provides no notice, minimization, masking, or retention controls.

Ssd 3

Medium
Confidence: 97%
Finding
The schema requires retention of `user_query` as raw input in an internal execution log and instructs the agent to persist that log when file writes are available. In a travel skill context, user queries may include names, dates, locations, booking preferences, and passport or visa details, which makes indiscriminate retention more sensitive and increases the chance of privacy leakage or downstream misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
