
Security audit

Refundable Hotel

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is mostly purpose-aligned, but it asks agents to install a global third-party CLI and keep hidden local logs of raw travel queries.

Review before installing. Use this only if you are comfortable with a third-party global npm CLI being installed, your travel-search details being sent to flyai/Fliggy, and local execution logs potentially storing raw queries. Verify cancellation terms on the booking page before relying on a result as refundable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding:
The fallback instructs installation of a global npm package and immediate execution of a CLI, which modifies the user's environment and runs untrusted code without any consent, warning, or safer alternative. In an agent skill context, this is risky because fallback behavior can be triggered automatically, potentially leading to unauthorized system changes or execution on the host machine.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The runbook explicitly records the raw user query in an internal execution log and persists it to disk when possible, but provides no minimization, retention controls, or user-facing notice. In a travel-booking skill, user queries can contain personal and sensitive travel details such as names, destinations, dates, visa questions, and insurance needs, so storing raw input increases privacy and compliance risk if logs are accessed, retained too long, or reused improperly.

VirusTotal

66/66 vendors flagged this skill as clean.
