fliggy-trip-planner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-planning skill, but it tells the agent to automatically install a global npm tool before use.

Review before installing. The trip-planning behavior is understandable, but only use this skill if you are comfortable with a normal travel request potentially triggering a global npm install of `@fly-ai/flyai-cli`. Prefer preinstalling a trusted, pinned version in a managed or sandboxed environment and requiring explicit approval before any setup command runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The skill directs the agent to automatically install a global npm package (`npm i -g @fly-ai/flyai-cli`) before performing trip planning. Auto-installing software from a skill is dangerous because it changes the host environment, expands the attack surface, and could execute untrusted install scripts without explicit user consent; this is not justified for a content-generation/travel-planning workflow.

Vague Triggers

Medium
Confidence: 82%
Finding
The description uses broad trigger phrases such as general travel-planning requests, which increases the chance the skill will activate in ordinary conversations where the user did not intend to invoke an external-data/tool-driven workflow. Over-broad activation is risky because it can cause unnecessary tool use and can expose users to side effects defined elsewhere in the skill, including the install step.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger scenarios are ambiguous and cover common requests like 'where should I go' or 'help plan a trip,' without defining activation boundaries or requiring user confirmation. In this skill's context, ambiguous routing is more dangerous because activation can cascade into automatic dependency installation and external searches.

Missing User Warnings

Medium
Confidence: 96%
Finding
The markdown explicitly instructs the agent to check for and immediately install a CLI dependency if absent, with no warning or approval step. This is dangerous because it authorizes environment modification and execution of package-install hooks as part of normal skill operation, which is disproportionate to the skill's purpose and creates supply-chain and persistence risks.

VirusTotal

65/65 vendors flagged this skill as clean.
