ClawHub

Travel Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-search skill that sends trip details to named travel providers to return prices and booking links.

Install only if you are comfortable sharing travel search details with the listed providers. Avoid including unnecessary personal information, verify booking links and prices yourself before paying, and review hidden-city fares carefully because they can carry airline-policy and baggage risks. Install the optional Airbnb or Google Flights components only if you trust those separate packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README encourages very broad, natural-language activation for many travel-related intents, which can cause the skill to trigger in situations the user did not explicitly intend. In an agent environment, overbroad routing can lead to unnecessary external queries, disclosure of itinerary/location data to third parties, and actions based on ambiguous prompts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes real-time pricing and direct booking links from external providers but does not clearly warn that user travel details may be sent to third-party services. Users may disclose sensitive itinerary, date, destination, or budget information without understanding that external network requests and third-party processing are involved.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This section explicitly says the skill calls provider MCP APIs directly via curl over HTTP/JSON-RPC, yet it omits any warning that these requests leave the local environment and are handled by third parties. Because travel searches often contain sensitive origin/destination pairs, dates, trip lengths, and budget constraints, the omission increases the risk of unintentional data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions direct sending user trip details and preferences to multiple third-party travel providers without any disclosure, consent flow, or data-minimization guidance. Travel queries can contain sensitive personal or location information, so silent transmission meaningfully increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs sending travel search parameters to a third-party MCP endpoint without any built-in user disclosure or consent step. Even if the transmitted fields appear limited to trip data, origin, destination, dates, and preferences can reveal sensitive travel intent and should not be silently forwarded to external services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow explicitly recommends Skiplagged hidden-city fare searches but omits warnings about airline terms violations, skipped-leg consequences, checked-baggage limitations, and loyalty-account risks. This can cause users financial loss or disrupted travel because they may follow the recommendation without understanding the constraints.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs the agent to send travel search inputs such as city names, airports, dates, hotel stays, and car-rental details to a third-party MCP endpoint, but it provides no user disclosure, consent guidance, or data-handling warning. In a travel-planning skill, these details can reveal sensitive itinerary and location information, so omission of privacy safeguards is a real security/privacy weakness even if the feature is expected to use an external provider.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Flexible departure dates
curl -s -X POST "https://mcp.skiplagged.com/mcp" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
Confidence
89% confidence
Finding
curl -s -X POST "https://mcp.skiplagged.com/mcp" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{ "jsonrpc":"2.0","id":1,"method":"initialize"

External Transmission

Medium
Category
Data Exfiltration
Content
Before searching flights, resolve city names to IATA codes:

```bash
curl -s -X POST "https://mcp.skiplagged.com/mcp" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{
Confidence
86% confidence
Finding
curl -s -X POST "https://mcp.skiplagged.com/mcp" \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{ "jsonrpc":"2.0","id":2,"method":"tools/call"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal