ClawHub

Tmp.NHjYOyTDsJ

Security checks across malware telemetry and agentic risk

Overview

This Resy skill is purpose-aligned and disclosed, but it handles real reservation actions and credentials, so users should enable it carefully.

Install only if you are comfortable giving this MCP server your Resy email and password and allowing it to make real account changes. Prefer project-scoped configuration, protect the credentials, and require explicit confirmation before booking, cancelling, changing favorites, or subscribing to notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to match generic restaurant-reservation requests, which can cause the skill to activate when the user did not explicitly intend to use Resy or this specific MCP integration. Because the skill can perform authenticated actions like booking, favorites changes, and cancellations, unintended activation increases the chance of privacy-impacting or state-changing actions being routed to this tool unnecessarily.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes a destructive cancellation workflow and even documents a one-step pattern of listing reservations and cancelling by token, but it provides no explicit warning or confirmation requirement before invoking cancellation. In the context of an authenticated reservation-management skill, this makes accidental or ambiguous user requests more dangerous because a mistaken tool call can irreversibly cancel a real reservation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal