ClawHub

Booking Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed booking assistant that needs booking data and email access to do its job, with privacy and setup-boundary cautions but no evidence of hidden or malicious behavior.

Install this only if you want an agent to help operate real appointments. Use dedicated least-privilege SMTP and booking-system credentials, keep secrets out of chat and workspace notes, review TOOLS.md and HEARTBEAT.md changes before relying on automation, and make sure customers and staff understand how their contact details may be used for email, SMS, WhatsApp, Telegram, or call routing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill instructs onboarding to begin on any booking-related request whenever TOOLS.md lacks certain sections, which creates a very broad trigger condition. This can cause unintended invocation on generic booking conversations, leading the agent to collect and persist business configuration data or alter workspace state when the user did not explicitly request setup.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The form asks for personal and business contact information, including phone numbers, email addresses, business address, and escalation contacts, but gives only a generic instruction to return the completed form to an administrator. Without privacy handling guidance or a secure submission method, users may send sensitive onboarding data through insecure channels such as email, chat, or shared documents, increasing the risk of unauthorized disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal