Night Bazaar

Security checks across malware telemetry and agentic risk

Overview

This travel lookup skill is coherent, but it automatically installs a global third-party CLI and can quietly persist raw travel queries and command logs to disk.

Review before installing. Use this only if you trust the flyai CLI and are comfortable with Fliggy/flyai booking links. Prefer installing the CLI yourself after checking the package, require confirmation before npm installs or shell commands, avoid entering passport, payment, or booking-reference details, and delete or disable .flyai-execution-log.json if you do not want local query logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium (97% confidence)
Finding
The skill explicitly instructs the agent to perform a global npm installation of an external CLI (`npm i -g @fly-ai/flyai-cli`) as part of normal execution, without user confirmation, sandboxing, or warning that it will modify the host environment. This creates supply-chain and system-integrity risk because an agent may fetch and execute untrusted package install scripts and alter the user's machine automatically.

Missing User Warnings

Medium (96% confidence)
Finding
The runbook explicitly records raw user input in `user_query` and logs command execution details, which can capture sensitive personal, travel, or payment-adjacent information entered into the skill. Because the document says the log is maintained internally and not shown to users, there is no transparency or consent mechanism, increasing the risk of silent retention, later disclosure, or misuse of sensitive data.

Missing User Warnings

Medium (94% confidence)
Finding
The runbook instructs the agent to append execution logs to a local file without any warning that user-derived execution data may be written to disk. File-based persistence increases the chance of unintended exposure through shared environments, backups, misconfigured permissions, or later forensic access, especially when combined with raw query logging.

Ssd 3

Medium (98% confidence)
Finding
This schema creates a full natural-language retention path by storing `user_query` and operational details, then persisting them to `.flyai-execution-log.json`. In a travel skill context, raw inputs may include itinerary details, passport/visa questions, booking preferences, or other personal data, so retaining them in plaintext materially increases privacy and data leakage risk.

VirusTotal

66/66 vendors flagged this skill as clean.
