Security audit

Otto Travel Local

Security checks across malware telemetry and agentic risk

Overview

This travel plugin is purpose-aligned, but it can execute real booking and account-changing actions through a remote MCP server without documented confirmation safeguards.

Install only if you trust Otto and the configured MCP server URL. Treat ~/.openclaw/.otto-tokens.json like a password, avoid syncing or sharing it, and require explicit human approval before any book_flight, book_hotel, preference, or loyalty-program write action is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README explicitly states that OAuth tokens are stored locally in a predictable path but does not warn that these are sensitive bearer and refresh tokens. If another local user, malware, backup system, or accidental file sharing exposes this file, an attacker could reuse the tokens to access the user's travel account and perform actions such as viewing or making bookings.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
This skill enables booking flights and hotels, which can trigger real-world transactions, reservations, fees, cancellations, or charges, yet the description provides no warning about these consequences. In a travel-booking context, omission of transactional warnings is especially dangerous because users may invoke booking tools assuming they are informational rather than financially binding.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.