Overnight Flights

Security checks across malware telemetry and agentic risk

Overview

This is a coherent flight-search helper, but it asks agents to make broad local changes and store raw travel queries without clear user control.

Review before installing. Use this only if you trust the flyai npm package and the external flyai/Fliggy service with your travel searches. Do not allow automatic or sudo installation unless you explicitly approve it, and be aware it may leave raw travel queries and command history in a local log file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The manifest description significantly broadens the skill beyond overnight-flight search into bookings, hotels, trains, attractions, visa info, insurance, and car rental. This can cause the skill to activate outside its stated specialty, increasing the chance an agent routes unrelated user requests into a workflow that installs and runs external CLI commands unnecessarily.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to install a global npm package and execute a CLI without first presenting a clear user-facing warning or obtaining consent for system changes. In an agent environment, this creates risk of unauthorized software installation and command execution on the host machine.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The workflow asks for travel details and sends them to an external CLI/service, but does not clearly warn users that itinerary data may leave the local environment. Travel queries can contain sensitive personal information, so the lack of a privacy disclosure and consent step exposes users to unintended data sharing.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The fallback instructs installing a global CLI and then escalating to `sudo npm i -g` if the first attempt fails, without requiring explicit user confirmation or warning about the risks of privileged package installation. Running `npm` with sudo can execute package lifecycle scripts as root and materially increase the blast radius if the package, dependency chain, or installation path is compromised.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
After detecting an invalid or past date, the fallback says to automatically search tomorrow instead of stopping and asking the user to confirm a new travel date. This can cause the agent to act on a materially changed booking parameter, producing misleading results or unintended downstream actions if later tied to reservation workflows.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The runbook explicitly captures `user_query` as raw input and includes guidance to append the generated log to a local file, creating a durable record of potentially sensitive travel data. In this skill context, user queries may contain names, locations, dates, booking details, visa or insurance questions, and other personal information, and there is no indication of consent, minimization, redaction, retention limits, or access controls.

VirusTotal

66/66 vendors flagged this skill as clean.
