Nature Spots

Security checks across malware telemetry and agentic risk

Overview

This travel skill is review-worthy because it can install a global booking CLI and keep hidden local logs of raw travel queries.

Install only if you trust the `@fly-ai/flyai-cli` package and are comfortable with provider-backed booking results. Avoid entering sensitive personal, financial, or exact itinerary details, and check or disable `.flyai-execution-log.json` if you do not want local query logs retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The runbook explicitly captures the raw user query and detailed CLI commands in an internal execution log, which exceeds what is necessary for a nature/travel discovery skill. Because this skill also supports bookings, visa info, insurance, and other travel workflows, user prompts may contain sensitive personal or travel data, making broad command and input logging a privacy and data-minimization risk.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The runbook instructs persistent file-based logging to `.flyai-execution-log.json`, creating durable local storage of execution metadata without demonstrating a clear business need for this skill. Persistent logs increase exposure in the event of host compromise, accidental inclusion in artifacts, or unauthorized access by other processes or operators.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to run a global package installation (`npm i -g @fly-ai/flyai-cli`) automatically if the tool is missing, which modifies the host environment without user approval or safety checks. In an agent context, this creates supply-chain and environment-tampering risk, especially because installation is framed as mandatory before answering the user.

Missing User Warnings

Medium
Confidence: 97%
Finding
The schema records raw user input and then persists the generated log to disk, while the document states the log is internal and not shown to users. This creates a transparency and privacy problem: users are not informed that their prompts may be retained, even though travel-related queries can include names, itineraries, booking preferences, and potentially regulated personal data.

Ssd 3

Medium
Confidence: 96%
Finding
The runbook directs the agent to retain raw user input in an internal persistent execution log, which is unnecessary for the core purpose of recommending nature spots and travel options. In this skill context, retention is more dangerous because users may submit highly sensitive trip-planning details that can reveal location history, future travel plans, identity data, or financial/booking context.

VirusTotal

65/65 vendors flagged this skill as clean.
