Umy Hotel

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform hotel search as advertised, but it needs review because it understates its runnable helper and can use a local Umy API key while sending search data to Umy.

Install only if you are comfortable sending hotel search parameters to Umy. Avoid entering personal details in hotel queries. If you have UMY_API_KEY set in your environment, be aware the CLI may use your key and quota instead of the documented public key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The script embeds a usable API credential directly in source code and automatically uses it when no environment variable is set. Hardcoded secrets are recoverable by anyone with access to the skill package, enabling unauthorized use of the upstream Umy API, quota theft, billing abuse, or reuse of the credential in other contexts if it is shared across services.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger conditions are broad enough that the skill may activate on loosely related travel or recommendation queries without clear user intent to perform a hotel search. In an agentic system, over-broad activation can cause unnecessary tool calls, unintended disclosure of user-provided travel details to the external MCP service, and confusion about why a third-party tool was used.

Missing User Warnings

Medium
Confidence: 98%
Finding
Falling back to a built-in default API key causes silent credential use and outbound authenticated requests without explicit operator awareness. In an agent/skill context, this is more dangerous because users may believe they are only invoking local hotel search logic while actually consuming a shared embedded credential, masking data flow and accountability.

VirusTotal

62/62 vendors flagged this skill as clean.
