ctrip-flight

Security checks across malware telemetry and agentic risk

Overview

This skill is for Ctrip flight searching, but it bundles and automatically sends a preset browser cookie and tells users to copy a logged-in cookie into source code.

Review before installing. Remove the bundled FVP cookie, do not paste personal browser cookies into shared source files, and only provide any Ctrip cookie through a local secret or environment variable if you understand the account and privacy implications. I found no evidence of destructive actions, unrelated data collection, or background agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence: 99%
Finding
The script hardcodes a specific cookie-like identifier and automatically sends it to Ctrip on every request, which creates a credential/identifier exposure risk and may enable unauthorized use of someone else's session context. In an agent skill context, embedding real authentication material is especially dangerous because it can be redistributed, reused at scale, or leaked via source control and downstream logs.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation instructs users to extract and reuse an authenticated FVP cookie from their logged-in browser session and to place it into the script, but it does not treat that cookie as a secret or warn about account/session privacy risk. Encouraging manual copying of session material into code or config can lead to credential leakage through source control, logs, screenshots, or sharing, and the skill context makes this more dangerous because the cookie is explicitly used for authenticated access to a third-party service.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code silently performs outbound requests to a third-party service while attaching a cookie-derived identifier, without informing the user that authentication-related data will be transmitted. In a skill or automation setting, hidden network exfiltration of identifiers reduces informed consent and can cause privacy, policy, or account-use issues.

VirusTotal

65/65 vendors flagged this skill as clean.
