Jeju With

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can submit appointment details and a phone number to an external medical-booking API without a clear in-chat confirmation step.

Review carefully before installing. The skill is narrowly aimed at a specific hospital booking workflow, but users should understand that appointment details and any phone number they provide may be sent to BeautsGO/Yestokr, and the current chat flow may submit after details are provided without asking for a separate final confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The metadata tags and activation keywords are broad and loosely constrained, increasing the chance the skill is invoked in contexts the user did not intend. For a medical-booking skill, accidental activation can expose sensitive health-related conversations or lead users into data collection and external navigation flows without clear intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill description says it supports booking submission but does not warn users that their information may be sent to an external API. In a healthcare context, this is more sensitive because the collected data may include identity, contact details, and potentially medical-service preferences, so lack of disclosure undermines informed consent and privacy expectations.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The booking flow collects a user's phone number and appointment details, then transmits them to an external API without any explicit notice, consent step, or disclosure in the user-facing messages. Even if this is required for functionality, sending personal data off-platform without transparency creates a privacy and compliance risk and could surprise users who believe they are only interacting locally with the skill.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The manifest description advertises '一键预约' ("one-click booking") and booking-related actions, but the trigger boundary for actually submitting a booking is only described in prose elsewhere rather than enforced in the manifest. In a medical-booking context that involves transmitting a phone number, ambiguous action scope can lead to users unintentionally authorizing a reservation or data submission without clear, explicit consent at the moment of execution.

VirusTotal

VirusTotal findings are pending for this skill version.