
Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate travel-search skill, but it should be reviewed because it tells the agent to install and run an unpinned global npm CLI without clearly requiring user approval.

Install only if you trust the `@fly-ai/flyai-cli` package and are comfortable with a global npm install and with your travel queries being sent to the provider. Prefer approving or performing the install yourself (pinned to a version you have reviewed), running it in a sandboxed environment, and checking any booking links before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The manifest and description position this as a narrow private-car skill, but the content expands scope to broad travel booking/search functions through a generic CLI. This mismatch can mislead an agent into invoking the skill in contexts the user did not intend, increasing the chance of over-broad actions or data access beyond the declared capability.

Intent-Code Divergence

Severity: Low
Confidence: 85%
Finding
The documentation claims broad capabilities not actually reflected in the documented workflows, which creates ambiguity about what actions the skill may take. That ambiguity can cause improper routing, accidental overreach, or user deception about supported operations.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The skill instructs the agent to install a global npm package automatically if the CLI is missing, without prior user confirmation or trust verification. Installing and executing third-party code is a high-risk action: it expands the attack surface, and because the package is unpinned, whatever version is published on npm at install time (including a later compromised release) runs with the agent's privileges, which can lead to supply-chain compromise or unauthorized system modification.
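The two concerns above (the unpinned global install, and the absence of an approval step) can be checked mechanically before a skill is allowed to run. The following is an added example written for this page, not SkillSpector's code or the skill's own text: a small static scanner that finds `npm install` commands in a skill's instructions and reports whether the package is pinned to an exact version, whether it is installed globally, whether lifecycle scripts are disabled, and whether the text asks for user approval. Both sample documents are constructed to mirror the behaviour the finding describes; the version `1.4.2` in the hardened sample is a placeholder, not a real release of `@fly-ai/flyai-cli`.

```python
import re

# Constructed sample instruction text modelled on the behaviour the report
# describes (auto-install of an unpinned global CLI). Not the skill's real text.
SAMPLE_SKILL = """\
## Setup
If the `flyai` command is not found, run:

    npm install -g @fly-ai/flyai-cli

Then search flights with `flyai search SFO LHR`.
"""

# The same instruction rewritten the way the report recommends (constructed;
# the version number 1.4.2 is a placeholder, not a real release).
SAMPLE_SKILL_HARDENED = """\
## Setup
Ask the user for approval before installing anything. With their approval, run:

    npm install -g --ignore-scripts @fly-ai/flyai-cli@1.4.2
"""

# Matches an `npm install` / `npm i` / `npm add` command and captures its arguments.
NPM_INSTALL_RE = re.compile(r"\bnpm\s+(?:install|i|add)\b(?P<args>[^\n]*)")
# Exact semver pin: MAJOR.MINOR.PATCH with optional prerelease/build suffix.
# Ranges (^1.2.3, ~1.2), dist-tags (latest) and bare names count as unpinned.
EXACT_VERSION_RE = re.compile(
    r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$"
)
# Phrases taken as evidence that the skill asks before installing (heuristic).
APPROVAL_PHRASES = ("ask the user", "user approval", "confirm with", "permission")


def split_spec(spec):
    """Split 'pkg@ver' or '@scope/pkg@ver' into (name, version_or_None)."""
    at = spec.rfind("@")
    if at <= 0:  # no '@' at all, or the only '@' is the scope prefix
        return spec, None
    return spec[:at], spec[at + 1:]


def scan_skill(text):
    """Return one finding per package an npm install command would fetch."""
    wants_approval = any(p in text.lower() for p in APPROVAL_PHRASES)
    findings = []
    for m in NPM_INSTALL_RE.finditer(text):
        args = m.group("args").split()
        flags = {a for a in args if a.startswith("-")}
        for spec in (a for a in args if not a.startswith("-")):
            name, version = split_spec(spec)
            issues = []
            if "-g" in flags or "--global" in flags:
                issues.append("global install")
            if version is None or not EXACT_VERSION_RE.match(version):
                issues.append("unpinned version")
            if "--ignore-scripts" not in flags:
                issues.append("lifecycle scripts enabled")
            if not wants_approval:
                issues.append("no user approval step")
            findings.append({"package": name, "version": version, "issues": issues})
    return findings


if __name__ == "__main__":
    for label, doc in (("original", SAMPLE_SKILL), ("hardened", SAMPLE_SKILL_HARDENED)):
        for f in scan_skill(doc):
            print(label, f["package"], f["version"], ", ".join(f["issues"]) or "ok")
```

The hardened sample still reports "global install", which is deliberate: a pinned, script-free install with explicit approval reduces the risk, but a global install remains a system-wide change the user should consciously accept. Pinning to an exact version only helps if the version was reviewed; it does not verify the package contents, so pairing this check with a lockfile or integrity hash is still advisable.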

VirusTotal

60/60 vendors flagged this skill as clean. This verdict covers the skill's own files only; it says nothing about the `@fly-ai/flyai-cli` package the skill would fetch from npm at runtime.
