Book Pilates

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can contact an external booking service and create real reservations with personal contact details without clear confirmation safeguards.

Review before installing. Use it only when you intend to search for or book pilates through Lokuli, and require the agent to show the provider, service, time, and contact details for explicit approval before sending personal information or creating a reservation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger language is broad enough to activate on generic pilates-related requests, not just explicit booking workflows. In a skill that can query external providers and ultimately create reservations, overly broad activation increases the chance the agent invokes the skill without clear user intent, leading to unintended external data sharing or booking progression.

Missing User Warnings

High
Confidence: 97%
Finding
The skill sends user queries and, during booking, personal contact data to an external MCP endpoint, but it does not warn the user that their information will leave the local system. This undermines informed consent and can expose sensitive personal data to a third-party service unexpectedly, especially in a booking context where names, email addresses, phone numbers, and location data are involved.

Missing User Warnings

Medium
Confidence: 96%
Finding
The create_booking tool performs a real-world external action by making a reservation and transmitting identifying customer information, yet the instructions do not require a confirmation or warn that this is a state-changing operation. Without an explicit confirmation step, the agent could create unwanted bookings, leak PII to the provider, or cause user harm through mistaken reservations.

VirusTotal

66/66 vendors flagged this skill as clean.
