Trip Planner

Security checks across malware telemetry and agentic risk

Overview

This is a real travel-planning skill, but it asks the agent to use logged-in browser sessions and scraping methods across booking and social sites, so it should be reviewed before installing.

Install only if you are comfortable with an itinerary skill using your browser to read travel-site and social-site pages. Keep booking and payment manual, avoid running it while sensitive non-travel tabs are open, and prefer logging in only to the specific travel sites you want it to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium, 95% confidence
The reference expands the skill from itinerary generation into operational scraping playbooks for multiple third-party sites, including extracting reviews and prices from dynamic pages. That broadens capability beyond the manifest's stated query-only research role and increases the chance the skill will access data or workflows the user did not clearly authorize.

Context-Inappropriate Capability

High, 98% confidence
The document explicitly instructs use of the user's logged-in Chrome session to access site content. Using authenticated session context can expose account-scoped data, pricing, reviews, or other personalized information without clear consent boundaries, making the skill materially more dangerous than a normal public-web itinerary tool.

Context-Inappropriate Capability

Medium, 94% confidence
The Xiaohongshu section adds social-platform scraping guidance, including extracting titles, authors, likes, note details, and comments for corroboration. That is outside the narrow itinerary-generation purpose and introduces collection from a third-party social platform with higher privacy, anti-bot, and consent risks.

Vague Triggers

Medium, 86% confidence
The trigger phrases are intentionally broad and include very common travel-planning requests in both Chinese and English, which can cause the skill to activate in situations the user did not explicitly intend. In an agent setting, over-broad invocation can redirect normal conversation into a heavyweight workflow involving web research and HTML generation, increasing the chance of unnecessary tool use, privacy exposure through external queries, and user confusion about why the skill took over.

Missing User Warnings

Medium, 97% confidence
The guidance relies on the user's logged-in session but does not warn that the skill may access account-context or personalized content. That omission undermines informed consent and can lead to silent collection of data the user would not expect an itinerary planner to inspect.

Missing User Warnings

Medium, 96% confidence
The recommendation to inspect network requests/responses can expose sensitive headers, tokens, cookies, query strings, and account-linked API payloads. Without strong warnings and restrictions, the skill may collect secrets or personal data far beyond what is needed for travel planning.

VirusTotal

VirusTotal findings are pending for this skill version.
