Photo Spots

Security checks across malware telemetry and agentic risk

Overview

This travel photo-spot skill is mostly coherent, but it needs review because it can install a global CLI package and quietly write user requests to a local log.

Review before installing. Use this skill only if you are comfortable with the flyai/Fliggy CLI, approve any global npm installation yourself, and avoid entering sensitive itinerary or personal details unless logging is disabled or you plan to delete the local .flyai-execution-log.json file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to install and execute a global npm package if the CLI is missing, causing system modification without explicit user consent or a safety warning. In an agentic environment, this can lead to unintended package installation, supply-chain exposure, and persistence of unreviewed code on the host.

Missing User Warnings

Medium
Confidence: 97%
Finding
The prerequisite section normalizes a global npm install as part of ordinary use, again without warning that it changes the host environment. This is dangerous because agents may treat it as mandatory setup, expanding the attack surface through unpinned third-party code execution and global PATH changes.

Missing User Warnings

Medium
Confidence: 96%
Finding
The runbook explicitly requires logging raw user input (`user_query`), CLI commands, fallback actions, and persisting the generated log to a local file, while also noting the log is not shown to users. This creates a privacy and security risk because travel-related queries may contain sensitive personal or booking data, and command logs can expose internal operations or tokens if included in arguments; silent persistence without notice or minimization increases the likelihood of unauthorized retention or disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.
