Alaska Air

Security checks across malware telemetry and agentic risk

Overview

This Alaska Airlines scraper is useful for award searches, but it requires automatic Telegram forwarding and broad worker-agent permissions that users should review before installing.

Install only if you want search results sent through Telegram and you trust the caller-provided chat destination. Before using it, disable or confirm external messaging, avoid authenticated Alaska account/token endpoints, and restrict worker tools to the narrow curl/python/message access needed for the search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly instructs spawned sub-agents to send results directly to a Telegram chat ID supplied by the caller. That adds an external data transmission path unrelated to the core scraping logic and creates a disclosure channel for user travel queries and results without an explicit consent or confirmation step.

Context-Inappropriate Capability

Medium
Confidence: 82%
Finding
Listing an account token endpoint as a known API is out of scope for a calendar and fare scraper and may encourage future agents or operators to probe authentication-related functionality unnecessarily. Even without direct misuse in this file, surfacing token endpoints broadens the perceived permitted attack surface and increases the risk of credential or session-related abuse.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instructions require immediate Telegram delivery by sub-agents but do not provide a clear user-facing warning that query data will be sent to an external service. This can cause silent sharing of travel plans, route interests, and booking links to a third-party destination chosen by the caller.

Missing User Warnings

Medium
Confidence: 94%
Finding
The output format mandates automatic Telegram delivery of search results yet omits any warning or opt-in regarding external sharing. Because the data includes itineraries, dates, and direct booking URLs, this creates avoidable privacy leakage outside the current interaction context.

Ssd 3

Medium
Confidence: 96%
Finding
The sub-agent template tells workers to transmit retrieved data directly to a caller-provided Telegram chat, creating a natural-language exfiltration path outside the main agent workflow. Because the destination is externally supplied and workers are told to send immediately, the design weakens review and approval controls over where user data is disclosed.

Ssd 3

Medium
Confidence: 95%
Finding
Repeating a mandate to immediately send results over Telegram normalizes automatic forwarding of retrieved travel data to an external recipient. In context, this is more dangerous because the skill handles user-specified routes and dates, which can reveal travel intent and should not be silently broadcast beyond the active session.

VirusTotal

65/65 vendors flagged this skill as clean.
