企业用车 (Enterprise Car Service)

Security checks across malware telemetry and agentic risk

Overview

This car-service skill is purpose-aligned, but it can present simulated ride bookings as successful real-world actions and exposes booking/cancellation calls without an explicit confirmation gate.

Review before installing. Treat this as an unsafe demo unless the publisher adds explicit user confirmation before any booking or cancellation and clarifies whether it connects to a real provider. Do not rely on its success messages as proof that a real ride has been booked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%

Finding: The airport transfer flow returns a successful booking response with an order_id, but unlike immediate and scheduled rides it never persists the order into self.orders. This creates an integrity issue: users or downstream systems may believe a reservation exists when it cannot later be retrieved, managed, or canceled, which can lead to service denial, operational confusion, and broken business workflows.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: This adapter exposes state-changing operations such as ride booking and order cancellation directly through callable functions without any confirmation, approval gate, or indication that an external real-world action will occur. In an LLM tool-calling context, ambiguous user prompts, prompt injection, or model misinterpretation could trigger unintended bookings or cancellations that affect money, logistics, and user operations.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
