Travel Income Idea

Security checks across malware telemetry and agentic risk

Overview

The skill mainly provides travel-income ideas, but it also includes instructions to change databases, edit app code, and add third-party booking redirects outside its stated scope.

Review before installing. Use this skill only as an advisory idea generator unless an authorized operator explicitly approves any database writes, source-code edits, booking features, or third-party searches. Users should verify local laws, venue rules, platform policies, work authorization, tax/customs obligations, and privacy consent before following resale, proxy-purchase, guiding, photo, or contact-data workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (45)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The inclusion of '免税店代购/daigou' introduces a legally and policy-sensitive arbitrage activity that can facilitate gray-market reselling, customs evasion, tax issues, or platform-enabled commercial abuse. In a travel-income skill, this context makes the entry more dangerous because it normalizes a questionable monetization tactic as a recommended option for users seeking quick ways to fund travel.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The document directs the agent to perform actions far beyond the skill’s stated purpose of suggesting travel income ideas, including direct database inserts, frontend source-code changes, and adding new service integrations. This kind of scope expansion is dangerous because it can cause unauthorized modification of application state and code, especially if the skill is invoked in a privileged workspace or admin environment.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The itinerary-booking instructions add external travel search, booking-link generation, and third-party platform integration that are not necessary for a travel-income ideation skill. This increases the attack surface by enabling outbound requests, possible data leakage to third parties, and user redirection to external services without strong justification or safeguards.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is described as helping users discover ways to earn money while traveling, but this section expands it into a trip-booking implementation with booking UI, mock transport/hotel inventory, and redirects to external platforms. This broadens the skill's operational scope beyond its stated purpose and can cause an agent to modify product behavior in ways the user did not request or expect.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The instructions explicitly require a "book now" button that redirects to real third-party booking platforms, even though the skill's declared purpose is idea generation around travel income. Introducing real outbound transaction paths creates a new trust and safety surface, including affiliate abuse, misleading commercial steering, or sending users to external services without sufficient disclosure.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The guide instructs the agent to add trip-booking functionality, external search, and booking-link generation, which materially expands the skill from suggesting travel-income ideas into travel search and booking features. This increases attack surface through new network access, third-party integrations, and code changes that are unrelated to the declared purpose, making misuse or unintended data handling more likely.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The document directs bulk insertion of 100 records into a database and modification of frontend files, which goes beyond a user-facing travel-income recommendation skill into administrative and development actions. Because these are persistent changes to data and code, an agent following the guide could alter application state without adequate scope limitation or user confirmation.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The guide explicitly instructs updating application source files such as DiscoverPage.tsx and ProfilePage.tsx, despite the skill being described as a travel-income idea assistant rather than a code-modifying development tool. This mismatch is dangerous because it normalizes unauthorized source changes under a benign-seeming skill trigger, potentially leading to unintended or unsafe application modifications.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The documented use of Tavily API to search travel information and generate booking links is not justified by the stated purpose of finding travel-income ideas. Introducing third-party API access and outbound link generation adds network, privacy, and integrity risks, especially when the skill does not disclose or limit what data may be sent externally.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is described as helping users discover travel-income ideas, but the document expands its scope into itinerary booking and external platform redirection. This scope drift increases the agent's operational reach beyond advisory behavior into transactional assistance, which can expose users to unintended data sharing and actions that were not clearly aligned with the original skill purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The design introduces calls to external APIs and services such as booking platforms and search providers, despite the skill's stated purpose being travel-income idea discovery. This broadens the attack surface, creates privacy and supply-chain risk, and can enable unintended outbound data flows or integration abuse without clear necessity.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The document instructs an agent to perform bulk database insertion and modify frontend code, which exceeds the normal scope of a user-facing recommendation skill. Granting a conversational agent direct dev/ops-style authority over persistent data and application code can lead to unauthorized changes, data integrity issues, and privilege misuse if triggered inappropriately.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill is described as a travel-income idea discovery assistant, but this document instructs an agent to perform broad operational tasks: bulk database seeding, SQL generation/execution, frontend code changes, and adding booking features. That is a significant scope expansion that can cause unauthorized data modification and code changes if the agent follows embedded instructions without explicit user authorization.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The file instructs the agent to add travel booking/search functions, call external services, and generate booking links to third-party platforms, which is unrelated to the stated idea-discovery skill. This introduces outbound network activity and third-party data sharing paths that could expose user itinerary data or silently expand the assistant into transactional behavior.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The document directs modification of frontend source files and database-related configuration to expand skills and UI behavior, despite the skill being a user-facing recommendation assistant. Embedded instructions that alter application code/config create a path for unintended or unauthorized changes to product behavior and stored settings.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The document directs implementation of a real booking flow that sends users to flight, train, and hotel platforms, which exceeds the stated skill purpose of discovering travel income ideas. This scope expansion matters because it introduces transactional behavior and handling of travel-planning context without clear justification, safeguards, or user-consent language.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The component is designed to pass destination, departure city, and travel date into external booking URLs and open them in a new tab. Even if the data is limited, this enables transmission of user travel intent to third-party services without demonstrating that such data sharing is necessary for a skill focused on travel-income suggestions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill's documented behavior expands from suggesting ways to earn money while traveling into booking transportation and lodging, including direct redirection to third-party reservation sites. That creates a material scope mismatch: users may expose itinerary and preference data to external services and the agent gains transactional influence not reflected in the declared purpose.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The integration instructions make BookingPanel a productized feature inside the planning flow, effectively turning an idea-generation assistant into a booking funnel. This broadens capability into external commerce and user-action steering without corresponding justification, review, or safety boundaries in the stated skill context.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code generates parameterized outbound URLs to booking platforms and opens them in a new tab, enabling transfer of user itinerary data such as origin, destination, dates, and budget context to third parties. In a skill advertised for travel-income ideas, this is an unjustified external-navigation capability and increases privacy, consent, and trust risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The mockup explicitly supports AI-generated marketing materials and customer-service flows involving uploaded photos and contact details, but it provides no privacy notice, consent flow, retention limits, or safeguards for personal data handling. In this skill’s context, users may upload identifiable images and enter WeChat/phone contact info, so omission of data-handling warnings and controls can lead to privacy leakage, unauthorized reuse, or overcollection.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes and operationalizes several legally sensitive or fraud-prone monetization schemes—such as ticket/scarcity arbitrage, unlicensed venue-side sales, proxy purchasing, and borderline resale behaviors—while providing concrete execution steps that can enable user misconduct. Although some examples include brief risk notes, the warnings are inconsistent and insufficient relative to the specificity of the instructions, so the skill may normalize or facilitate illegal, policy-violating, or deceptive activity.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description and trigger design use broad everyday phrases such as '旅行赚钱' and '旅行怎么赚钱' without clear scope, exclusions, or confirmation steps. This can cause the skill to activate in loosely related conversations, leading the agent to inject advice about monetization schemes including legally sensitive areas like ticket reselling or proxy shopping when the user did not explicitly request that workflow.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is presented as a flat set of keywords with no scope constraints, negative examples, or user-intent verification. In this skill, that is more concerning because the content explicitly covers gray-area activities like 免税代购 and 票务倒卖合规操作, so accidental activation could steer users toward regulated or risky conduct without sufficient context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly promotes travel-linked income schemes such as concert merchandise sales, duty-free reselling, and hotel test-sleeper work, which can implicate venue rules, resale restrictions, customs/import rules, tax obligations, labor classification, and local licensing requirements. Although the document briefly mentions '合规风险' later, the examples are presented as attractive monetization opportunities without clear upfront warnings, legality checks, or boundaries, which could steer users toward unlawful or regulated conduct.

VirusTotal

65/65 vendors flagged this skill as clean.
