Security audit

Event Travel Planner

Security checks across malware telemetry and agentic risk

Overview

This event travel planner is purpose-aligned, but it needs review because setup can change the local environment and Xiaohongshu login can reuse browser session cookies.

Install only if you are comfortable reviewing or manually performing the setup steps, granting the Xiaohongshu CLI access to an account session, and using FlyAI booking/search links. Prefer QR login over browser cookie extraction when possible, do not paste cookies or API keys into chat, and verify prices and booking links directly before purchasing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger list includes broad phrases like '参加活动' and '看演出', which can match many normal conversations and cause the skill to activate unintentionally. In this skill, unintended activation is more risky because activation leads to shell-based searches, external service queries, and possibly booking-oriented actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill requires generating an HTML file for the user but does not disclose file creation, destination, or persistence implications before doing so. Silent file output can surprise users, overwrite existing files, or create stored content that includes external links or embedded resources from searched data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide instructs the agent or user to run an automatic setup script that can install software, inspect the local environment, and check authentication state, but it does not clearly disclose the scope of system modifications, package sources, privilege requirements, or what local/browser data may be accessed. In this skill context, the risk is elevated because the setup flow explicitly references browser cookie extraction for xhs authentication, which can lead to sensitive credential handling and unintended data access if performed without clear consent and safeguards.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document instructs the agent/user to extract authentication cookies from a local browser and reuse them for CLI access, but it does not clearly present this as access to sensitive session credentials or require explicit informed consent. In an agent skill context, this is dangerous because browser-cookie reuse can silently grant account access beyond the user's expectations and may normalize handling of highly sensitive credentials.

VirusTotal

67/67 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.