
Security checks across malware telemetry and agentic risk

Overview

This clinic booking skill is purpose-aligned, but it sends appointment details to external services without a clear final consent step and includes hardcoded API tokens.

Review before installing. Use this only if you trust the publisher and the BeautsGO/clinic booking flow, and understand that appointment details such as phone number, date/time, and party size may be sent to external services. The publisher should add an explicit confirmation before submission, document data handling clearly, and move API tokens out of the published code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The skill metadata describes the tool mainly as a clinic information/booking assistant, but the documented behavior includes higher-risk actions: submitting appointment data to external APIs, querying prices remotely, opening external sites, and handling personal data such as phone numbers and booking details. This mismatch reduces informed user consent and reviewer visibility, making data exfiltration, deceptive redirects, or unauthorized external interactions easier to hide behind an underspecified description.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The booking flow collects personal data such as contact information, appointment date/time, and party size, then transmits it to an external API without an explicit user-facing disclosure or consent step at the point of submission. This creates a privacy and compliance risk because users may reasonably think they are only chatting with the assistant, not authorizing data transfer to a third-party backend.

VirusTotal

64/64 vendors flagged this skill as clean.
