ClawHub

Route

Security checks across malware telemetry and agentic risk

Overview

This routing skill does what it says, but users should understand that exact route coordinates and the Camino API key are sent to Camino's API.

Install only if you are comfortable sending exact origins, destinations, route preferences, and any requested imagery context to Camino's API. Use a scoped or trial API key where possible, avoid sensitive home/work locations unless needed, and review the broader Camino companion skills separately before installing them all.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation demonstrates shell execution (`./scripts/route.sh`, `curl`) while declaring no permissions, which creates a mismatch between the skill's operational capabilities and its stated security model. This can mislead users and tooling about what the skill may execute or require, reducing transparency and weakening review safeguards.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill description says it provides routing and optional turn-by-turn directions, but the implementation also exposes geometry and imagery-related parameters that are not disclosed in the manifest. This mismatch can cause users or higher-level agents to send or retrieve richer location-linked data than expected, undermining transparency and informed consent.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Imagery retrieval is a materially different capability from simple route calculation and is not justified by the stated purpose of the skill. Enabling it through an undocumented optional parameter expands data access and could expose sensitive visual or location-context information beyond what a user expects when requesting navigation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill processes and transmits precise origin/destination coordinates to a third-party API, but the documentation does not warn users that sensitive location data leaves the local environment. Precise location data can reveal home, work, routines, or travel patterns, so omission of a privacy warning materially increases the risk of unintentional disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends precise start and end coordinates to a third-party API without any explicit user-facing notice at execution time. Location data is sensitive, and transmitting it externally without clear disclosure can create privacy and compliance risks, especially if users assume routing is performed locally or are unaware of the external processor.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -H "X-API-Key: $CAMINO_API_KEY" \
  "https://api.getcamino.ai/route?start_lat=40.7128&start_lon=-74.0060&end_lat=40.7589&end_lon=-73.9851&mode=car"
```

## Parameters
Confidence
95% confidence
Finding
https://api.getcamino.ai/

VirusTotal

No VirusTotal findings

View on VirusTotal