pet-friendly-flight

Security checks across malware telemetry and agentic risk

Overview

This travel skill is not clearly malicious, but it needs review because it tells agents to globally install and run an unpinned third-party flight CLI without an explicit consent gate.

Install only if you trust the FlyAI npm package and are comfortable with a persistent global CLI install. Prefer preinstalling or approving a known version yourself, and verify pet cabin or carrier rules directly with the airline before booking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly says agents must never invent CLI parameters, yet later instructs use of `--journey-type 1` even though that flag is not declared in the Parameters table. This inconsistency can cause agents to execute unsupported commands or rely on undocumented behavior, undermining safe, predictable tool use and creating room for command misuse if a wrapper interprets unknown flags unexpectedly.

Missing User Warnings

Medium
Confidence: 99%
Finding
The skill mandates `npm i -g @fly-ai/flyai-cli` when the tool is absent, which instructs the agent to modify the host environment without explicit user consent or sandbox constraints. Global package installation changes system state, may pull untrusted code from the network, and can be abused in high-privilege or shared environments.

Missing User Warnings

Medium
Confidence: 92%
Finding
The file instructs users to run a global npm installation command (`npm i -g @fly-ai/flyai-cli`) without warning that it changes the host system, requires trust in a third-party package, and may need elevated privileges. In an agent skill context, this is risky because users may treat recovery guidance as safe operational advice and execute it without evaluating package provenance or system impact.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger terms for the Cheapest Option playbook include very broad words like "cheap" and "budget," which are likely to appear in ordinary travel requests that do not specifically ask for price-prioritized routing. This can cause the wrong playbook to activate, leading to unintended behavior or to user manipulation of tool selection through casual phrasing.

Vague Triggers

Medium
Confidence: 91%
Finding
The Fastest Route playbook is activated by generic terms like "fast" and "quick," which are ambiguous in travel conversations and may refer to booking speed, response speed, or general convenience rather than itinerary duration. This ambiguity can route users into an unintended search mode and reduce reliability of agent behavior.

Vague Triggers

Medium
Confidence: 88%
Finding
The fallback condition "0 results from above playbooks" is underspecified because it does not define which playbooks must be attempted, in what order, or whether zero results came from search constraints versus upstream errors. This can produce inconsistent execution paths and unnecessary expansion into broad keyword search, increasing the chance of irrelevant or unintended tool actions.

VirusTotal

65/65 vendors flagged this skill as clean.
