Security audit

Restaurant Booking - OpenTable

Security checks across malware telemetry and agentic risk

Overview

The skill is designed to book OpenTable reservations, but it can confirm real bookings through a logged-in account with a saved card without a clear final approval step.

Review before installing. Use it only if you are comfortable letting the agent operate your logged-in OpenTable browser session, and require the agent to show the exact restaurant, date, time, party size, cancellation/no-show terms, fees, and saved-card indicator before it clicks Confirm. Consider using a dedicated browser profile or logging out/removing saved card access when not using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The confirmation-scraping snippet explicitly extracts `cardLast4` from page text even though the skill's stated purpose is restaurant booking, not payment-data handling. Collecting payment card details beyond what is necessary violates data minimization and increases the chance that sensitive financial information is exposed in logs, tool outputs, memory, or downstream systems.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The markdown instructs the agent to extract booking confirmation details, including the payment card's last four digits, without warning that this is sensitive financial information. In a skill designed to operate with a logged-in OpenTable session and a card on file, this capability is more dangerous because it can access real user payment metadata and normalize its collection as part of routine automation.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.