AI Travel Agent

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is coherent and disclosed, but users should be aware it uses a SerpAPI key, sends trip searches to SerpAPI, and may use calendar data when requested.

Install only if you are comfortable using your own SerpAPI key and sending travel search details to SerpAPI. Store the key in the documented environment variable or credential files, and avoid command examples that pass --key. Treat calendar access as optional and approve it only when you want availability checks or events added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High (98% confidence)
Finding
The skill states the API key is never passed as a CLI argument, but the command examples repeatedly use `--key $SERPAPI_KEY`. Secrets passed on the command line can be exposed via process listings, shell history, logs, crash reports, or platform telemetry, directly contradicting the stated protection and increasing credential leakage risk.

Missing User Warnings

Medium (92% confidence)
Finding
The file instructs the agent to load the user's Google Calendar as part of date recommendation logic, but it does not require any explicit user notice, consent, or minimization before accessing calendar data. In a travel-planning skill, calendar access can be legitimate, but silently pulling personal schedule information increases privacy risk and can expose sensitive events, locations, and availability without clear user awareness.

Missing User Warnings

Medium (80% confidence)
Finding
The script sends user-supplied travel data, including destination and trip dates, to SerpAPI without any explicit disclosure or consent mechanism in the execution path. While this is necessary for the skill's functionality, it still exposes potentially sensitive itinerary information to a third party and can create privacy and compliance issues if users are unaware.

VirusTotal

67/67 vendors flagged this skill as clean.
