Skill v2.3.0

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 11:06 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a travel-management integration as described, but there are several incoherences and privacy-sensitive behaviors (undisclosed API key requirement, email-forwarding guidance, and recommended persistent storage of credentials) that you should understand before installing.
Guidance
Before installing, verify the ubtrippin service and publisher (check ubtrippin.xyz and the referenced GitHub repo). Be aware the skill requires you to provide a UBTRIPPIN API key (ubt_k1_...) and a registered sender email — these are not declared in the registry metadata, so treat that as a transparency gap. Consider these safety steps: (1) only supply an API key created specifically for this integration and keep it scoped/rotatable if the service supports it; (2) avoid storing the key in plaintext in long-lived agent configs; use ephemeral tokens or a secrets manager if possible; (3) understand that forwarding booking emails (with attachments) to trips@ubtrippin.xyz will transmit sensitive travel and identity data — confirm you trust the destination and its privacy policy; (4) ask the publisher to correct the registry metadata to declare required env vars and primary credential; (5) test with non-sensitive/demo data first, and be ready to revoke the API key if you see unexpected behavior.

Review Dimensions

Purpose & Capability
concern
The skill's declared registry metadata lists no required environment variables or primary credential, but SKILL.md and example scripts clearly require a UBTRIPPIN API key (ubt_k1_...) and the user's registered sender email for forwarding bookings. Functionally the requests (trips, items, loyalty, email parsing) align with a travel manager, but the metadata omission is an incoherence that hides the need for a sensitive API key and a verified sender email.
Instruction Scope
concern
Runtime instructions include forwarding booking confirmation emails (including PDF attachments) from the user's registered email address to trips@ubtrippin.xyz and calling the service with a Bearer token. Forwarding/processing emails and attachments may expose sensitive personal data (tickets, PII). The SKILL.md also tells the agent to store the API key (agent config or TOOLS.md). The instructions do not describe how the agent obtains permission or access to send emails from the user's address, which is a scope creep/risk if the agent attempts mailbox access or automated forwarding.
Install Mechanism
ok
No install spec; this is an instruction-only skill with example scripts. No downloads, extracts, or third-party packages are installed by the skill bundle itself.
Credentials
concern
The skill requires a UBTRIPPIN API key and the user's registered sender email to operate, yet the registry metadata declares no required env vars or primary credential. That mismatch is concerning because it hides that a secret (API key) must be supplied and may be stored persistently. The number and sensitivity of the secrets requested is proportionate to the service if declared explicitly, but the metadata omission reduces transparency.
Persistence & Privilege
note
The skill does not request always:true and does not modify other skills. However SKILL.md explicitly recommends storing the UBTRIPPIN API key in agent config or TOOLS.md, which would persist the secret in the agent environment — a normal installation behavior but a persistent sensitive artifact the user should manage (rotate/revoke when needed).