ClawHub

Tmp.MwdQJNKK5C

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for OpenTable, but it can act on a live signed-in account and its instructions do not consistently require confirmation before account-changing actions.

Review carefully before installing. Use this only if you are comfortable letting an agent operate through your signed-in OpenTable browser session, including booking, modifying, canceling reservations, and changing favorites. For safer use, require explicit confirmation before every booking, cancellation, modification, or favorite change, especially where cancellation policies or card holds may apply.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
97% confidence
Finding
The trigger text includes a catch-all clause for 'any request involving OpenTable restaurant reservations', which is overly broad for a skill that can book, cancel, and modify live reservations. Broad activation increases the chance the agent invokes this skill on ambiguous user requests and performs account-affecting actions in the user's authenticated OpenTable session without sufficiently explicit intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not clearly warn that it operates against the user's live signed-in OpenTable session and can create, modify, cancel reservations, or change favorites. In this context, the omission is significant because the skill relies on browser session cookies and authenticated account state, so a user may not realize that natural-language requests can immediately alter real account data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal