RollingGo Hotel Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed hotel-search integration, but users should understand it runs an external RollingGo CLI, sends hotel-search details to that service, and includes a shared public API key.

Install only if you are comfortable running the external RollingGo package and sending hotel-search details to the provider. Prefer your own RollingGo API key for production or sensitive travel searches, store it outside command lines where possible, and consider pinning or reviewing the CLI version instead of always using latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The skill instructs the agent to install or upgrade packages with npm/uv and to use @latest on every run, which expands behavior beyond hotel lookup into package management and execution of freshly downloaded code. In an agent context, this increases supply-chain and environment-modification risk because the skill can cause code fetch, install, and upgrade actions that are not necessary for answering many hotel-search requests.

Context-Inappropriate Capability

Low (89% confidence)
Finding
The workflow directs the agent to export an API key into the environment as an execution step, which is outside the core hotel-search capability and causes credential handling side effects in the session. In multi-step or shared environments, this can leak secrets through shell history, logs, subprocess inheritance, or later tool invocations.

Context-Inappropriate Capability

High (99% confidence)
Finding
The documentation embeds a live API key and explicitly instructs users to export it or pass it on the command line. This is dangerous because hard-coded credentials are easily copied, abused, leaked via shell history/process listings/logs, and reused by anyone who reads the file, which can enable unauthorized API consumption and downstream account or quota abuse.

Context-Inappropriate Capability

High (99% confidence)
Finding
The reference file embeds a hard-coded API key and repeatedly instructs operators to export or pass it on the command line. This exposes a credential to anyone who can read the repository, shell history, logs, or process listings, and encourages credential reuse outside proper secret-management controls. In the context of a hotel-search skill, there is no security justification for publishing a reusable live key in documentation, which makes the issue more dangerous rather than less.

Missing User Warnings

Medium (96% confidence)
Finding
The file embeds a plaintext API key and shows shell commands that export it without any secure-handling guidance. This is dangerous because it normalizes secret exposure in documentation and can lead to credential leakage through repositories, transcripts, terminal history, or telemetry.

Missing User Warnings

Medium (93% confidence)
Finding
The skill tells users to run npx, uvx, and global install/upgrade commands without warning that these actions execute downloaded code and may modify the host environment. In an agent setting, this creates avoidable supply-chain and persistence risk, especially when combined with the recommendation to always use the latest release.

Missing User Warnings

Medium (99% confidence)
Finding
The file hardcodes and repeatedly promotes use of an API key in plaintext via environment variables, CLI flags, and agent configuration. Even if described as a 'public' key, embedding credentials in documentation encourages propagation into shells, command histories, repos, logs, and shared config files, which can enable unauthorized use, abuse of rate limits, service impersonation, or downstream trust issues if the key has more access than claimed.

Missing User Warnings

High (99% confidence)
Finding
The file presents the API key in plaintext and normalizes unsafe handling by showing it directly in export commands and CLI arguments without any warning. In this skill context, that is more dangerous because users are expected to copy-paste operational commands, increasing the chance of credential leakage through terminal history, screenshots, logs, telemetry, or multi-user systems.

Missing User Warnings

High (98% confidence)
Finding
The markdown not only reveals a pre-configured API key but explicitly tells users to reuse it, without any warning about confidentiality, logging, shell history, or unauthorized access. This normalizes unsafe secret handling and can lead to broad abuse of the shared credential, service quota exhaustion, attribution problems, and possible access to data or paid API usage under the publisher's account.

Ssd 3

Medium (98% confidence)
Finding
The skill repeatedly embeds and instructs use of a plaintext API key across setup and workflow sections, creating a broad, persistent credential exposure surface. Because the key appears to be ready-to-use and is repeated multiple times, the surrounding context makes the issue more dangerous: anyone reading, indexing, or replaying the skill can obtain and misuse the credential.

VirusTotal

65/65 vendors flagged this skill as clean.
