Back to skill

Security audit

OpenCLAW Tour Planner

Security checks across malware telemetry and agentic risk

Overview

This travel planner uses expected public travel APIs and a local cache, with privacy caveats users should understand before use.

Install only if you are comfortable with destination lookups being sent to public travel and weather providers and with API responses being cached locally. Avoid entering highly sensitive travel plans, and delete or redirect ~/.openclaw/cache/tour-planner.db if you do not want lookup data retained on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user travel queries to multiple third-party APIs and may cache responses locally, but the description does not clearly warn users that their destinations, dates, and preferences may leave the local system and be stored on disk. This creates a privacy and data-handling risk, especially for sensitive travel plans, because users cannot give informed consent or adjust usage accordingly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The page explicitly claims to gather live travel data, geocode destinations, fetch weather, and load travel guides, but it does not clearly disclose that user-entered trip details will be transmitted to third-party services. In a travel-planning context, queries can contain sensitive personal information such as destinations, dates, travel companions, and budget, so the omission meaningfully weakens user privacy expectations.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The package description is extremely broad ('Universal travel planning skill') and does not constrain what actions, data sources, or authority boundaries the skill should operate within. In agent ecosystems, vague scope increases the risk of over-triggering, misuse, or unsafe delegation because downstream systems and users cannot clearly infer intended limits.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/apis/weather.ts:47

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:134