ClawHub

Search Late Night & Red Eye Flights — Overnight, After-Midnight, Late Evening Departures

Security checks across malware telemetry and agentic risk

Overview

This flight-search skill is coherent, but it asks agents to install a global third-party CLI and persist raw travel queries in a local log.

Review before installing. Only use this skill if you trust @fly-ai/flyai-cli and are comfortable sending travel search details to that service. Do not allow sudo/global npm installation unless you intentionally approve it, and delete or disable .flyai-execution-log.json if you do not want raw travel queries kept locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The fallback instructs users to run a global npm install and then escalate to `sudo npm i -g`, which can execute package lifecycle scripts with root privileges and make system-wide changes without adequate warning. In an agent skill context, this is risky because installation guidance may be surfaced to users as a routine recovery step, increasing the chance of unsafe privilege escalation on their machine.

Ssd 3

Medium
Confidence
95% confidence
Finding
The runbook explicitly logs `user_query` as raw input in an internal execution log. Raw travel queries can contain personal or sensitive data such as names, dates, locations, booking details, passport or visa context, and storing them without minimization increases privacy, retention, and unauthorized access risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The persistence instructions append the execution log to a local file, which would include user-derived data from the schema. Writing sensitive operational logs to a flat file can expose data to other local processes, accidental inclusion in repos, backups, or support bundles, and increases the blast radius if the host is compromised.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal