ClawHub

Multi Stop

Security checks across malware telemetry and agentic risk

Overview

This travel skill has a legitimate flight-search purpose, but it tells agents to install and run an unpinned global CLI and persist raw travel queries locally without enough user control or disclosure.

Review before installing. Use this only if you are comfortable installing and running the flyai npm CLI, sending travel-search details to that provider, and receiving booking links from its output. Avoid sudo setup, prefer a pinned or isolated CLI install, and remove or disable .flyai-execution-log.json if you do not want raw travel queries saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` as a mandatory prerequisite and even auto-install it if missing, without any warning or consent flow for modifying the host environment. This creates a supply-chain and environment-integrity risk because an agent could make persistent system changes and execute newly installed third-party code on behalf of the user.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase "cheapest way to visit 3 cities" is broad and underspecified, so normal user requests about trip planning could activate this playbook without clear confirmation that the user wants exhaustive permutation analysis. That can cause the agent to perform unnecessary multi-query searches, increasing cost, latency, and the chance of acting beyond the user's intended scope in a transactional travel-booking context.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The runbook explicitly records raw user input, full CLI commands, and appends the execution log to a persistent local file. In a travel-booking skill, user queries and commands may contain personal data, itinerary details, account identifiers, or tokens, so retaining them without minimization, consent, redaction, or access controls creates a real privacy and data-exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal