ClawHub

Travel Biz

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent travel expense helper that stores and processes sensitive reimbursement data as part of its stated purpose, with no evidence of hidden sharing or unsafe behavior.

Install only if you are comfortable storing business travel, receipt, invoice, and reimbursement records locally under ~/travel-biz/. Before using upload, OCR, calendar sync, booking, or export features, confirm which companion skill or external service will receive the data and avoid granting credentials beyond the specific task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The usage flow includes receipt scanning, reimbursement generation, and export features, which inherently process sensitive financial and travel information such as receipts, invoice details, destinations, dates, and company expense records. Without an explicit warning or consent/handling notice, users may expose regulated or confidential data without understanding retention, export, or sharing risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents a local storage layout under ~/travel-biz/ for trips, receipt images, templates, and reimbursement reports, but it does not warn users that sensitive data will persist on disk. This increases the risk of unintended disclosure through shared machines, backups, sync tools, weak filesystem permissions, or malware targeting predictable paths.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal