ClawHub

Camping

Security checks across malware telemetry and agentic risk

Overview

This is a text-only camping skill with some overbroad travel-logistics claims, but it does not request credentials, run code, or take actions on accounts.

Safe to install as a low-risk informational skill, but treat its real-time ticket, flight, check-in, boarding-pass, visa, and policy claims as unverified. Confirm travel-critical information with official providers before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is labeled as camping-focused, but the documented capabilities describe broader travel-booking functions such as flights, tickets, check-in assistance, and boarding passes. This scope mismatch can mislead users and downstream agents into invoking the skill for unrelated high-trust transactional tasks, increasing the risk of improper data handling, unsafe tool routing, or unauthorized booking-like behavior.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal