ClawHub

Umi

Security checks across malware telemetry and agentic risk

Overview

This clinic-booking skill is purpose-aligned, but needs review because it can submit appointment details and contact information to external APIs without an in-flow confirmation and includes hardcoded API tokens.

Review before installing. This skill is not clearly malicious, but use it only if you are comfortable sending appointment timing, party size, and any phone number you provide to the BeautsGO/clinic booking service. The publisher should add a clear confirmation step before submission and replace hardcoded tokens with scoped, revocable credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill can open online customer service but does not warn users that they are being redirected to an external service where conversations and metadata may be collected. This is risky because users may assume they are still within the trusted assistant environment and disclose personal details without understanding the privacy boundary.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill can open online customer service but does not warn users that they are being redirected to an external service where conversations and metadata may be collected. This is risky because users may assume they are still within the trusted assistant environment and disclose personal details without understanding the privacy boundary.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill transmits user-provided contact information and appointment details to an external booking API without clearly notifying the user at the point of collection or obtaining consent before submission. This creates a privacy and data-handling risk because users may disclose phone numbers and scheduling information without understanding that the data will leave the assistant and be sent to a third-party service.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The fallback text uses a very broad phrase, 'Please tell me what you need', before steering into booking help. In an agent-routing context, this can cause the skill to activate on generic user requests unrelated to clinic booking, increasing the chance of inappropriate interception, misrouting, or over-collection of user details.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal