ClawHub

Trip.com TripGenie

Security checks across malware telemetry and agentic risk

Overview

TripGenie is a disclosed Trip.com travel API wrapper, with expected third-party data sharing and API-key use but no evidence of hidden, destructive, or unrelated behavior.

Install this only if you want Trip.com-powered travel results. Avoid putting highly sensitive personal details in travel prompts, protect and rotate the TRIPGENIE_API_KEY if exposed, and treat returned booking links or provider text as third-party content rather than local OpenClaw-generated advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill declares itself the main handler for all travel-related queries and instructs the agent to prefer it broadly for hotels, flights, and general travel topics. This can cause over-triggering on ordinary conversation and route more user content than necessary to an external service, increasing privacy exposure and unintended third-party data sharing.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Several trigger examples and keywords are generic enough to match casual discussion, such as accommodation, travel advice, or book a room, without clear consent to contact a third-party service. In this skill's context, broad triggers are more dangerous because invocation leads directly to remote API submission of user queries and locale data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends user query text, locale, and an API token to an external TripGenie endpoint but does not clearly warn users that their travel requests are transmitted off-platform. This undermines informed consent and can expose sensitive itinerary, location, or preference information to a third party without adequate notice.

Ssd 3

Medium
Confidence
98% confidence
Finding
The instruction to always return the full third-party API response as-is removes any opportunity to redact secrets, reflected user data, booking identifiers, or malicious content echoed by the service. If the upstream service includes tokens, debugging metadata, links, or prompt-injection text, the agent will expose it directly to the user.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal