ClawHub

Opentable Booking

Security checks across malware telemetry and agentic risk

Overview

This OpenTable booking skill is coherent, but it can use a logged-in account and saved card to accept terms and complete real reservations without a clear final user approval step.

Install only if you are comfortable letting the agent act through your logged-in OpenTable profile with a saved card. Before use, instruct it to stop before accepting terms or clicking the final reservation button until you review the exact restaurant, date, time, party size, cancellation/no-show terms, and any card or fee implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The confirmation-scraping snippet explicitly extracts `cardLast4` from page text, which is payment-related sensitive data not needed to complete or confirm a restaurant reservation. In a browser automation skill operating with a logged-in account and card on file, this expands data access beyond the stated purpose and creates unnecessary exposure of payment information in tool outputs, logs, or downstream systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The markdown documents extraction of confirmation details including payment card last four digits without any warning, consent boundary, or handling guidance for sensitive financial data. Because this skill is meant to run in a logged-in OpenTable session with stored payment methods, normal use could cause payment-related data to be collected and exposed incidentally, increasing privacy and compliance risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The snippet automatically locates and clicks a terms/conditions-related checkbox based on broad keyword matching, causing the agent to provide legal consent on the user's behalf without an explicit confirmation step. In the context of making a reservation tied to a logged-in account and stored payment method, this could bind the user to cancellation fees, no-show charges, privacy terms, or other obligations they did not knowingly accept.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal