ClawHub

aigohotel-mcp

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate hotel-search MCP integration, but its documentation publishes and encourages reuse of a shared API key and bearer token.

Install only if you are comfortable with the publisher’s credential model. Prefer replacing the documented default key or bearer token with your own per-user credential stored in an environment variable or secret manager, and avoid pasting real tokens into shared config files, screenshots, or repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states that a default key can be used directly, but provides no warning about credential scope, storage, rotation, or whether that key is shared/public. In a skill that connects to an external MCP service for hotel search and pricing, this can encourage unsafe credential reuse, accidental leakage in client configs, and unauthorized third-party use of the backing service.

Missing User Warnings

High
Confidence
99% confidence
Finding
The document explicitly publishes a default shared API key and instructs all users to reuse it, which is a real secret-handling vulnerability. Any reader can authenticate to the MCP service with the same credential, causing unauthorized use, loss of accountability, quota exhaustion, and possible compromise of hotel-search service access tied to the vendor account.

Missing User Warnings

High
Confidence
99% confidence
Finding
The HTTP configuration examples embed a live bearer token directly in copy-pastable config snippets and even recommend using it uniformly. This encourages widespread credential leakage into local config files, IDE settings, screenshots, logs, and version control, while also enabling anyone with the document to access the remote MCP endpoint.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The stdio examples place the API key directly into environment/config snippets without any warning about secure handling. While environment variables are better than literals in source code, publishing an actual reusable key and encouraging users to paste it into client configs still creates credential sprawl and easy reuse by unauthorized parties.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal