ClawHub

asia-arrival-card

Security checks across malware telemetry and agentic risk

Overview

This travel-form helper is not clearly malicious, but it needs review because it handles passport-level data and includes under-scoped automation for official entry forms.

Review before installing. Use official government sites directly when possible, avoid uploading passport or booking images unless necessary, redact unnecessary fields, do not share portal passwords or mailbox access, and require manual review before any form is submitted or any confirmation is saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is presented as a guidance assistant, but it embeds actionable browser-automation logic that navigates government sites, fills identity/travel forms, submits them, and stores confirmations. That meaningfully expands capability from advice to transaction execution on sensitive systems, creating risk of unauthorized submission, mishandling of personal data, and policy bypass if an agent operationalizes the pseudocode.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Handling email verification and saving confirmation emails/QR artifacts goes beyond normal form-filling guidance and implies access to inbox-derived secrets and persistent storage of travel credentials. In this context, those capabilities increase the chance of account takeover-adjacent behavior, secret exposure, and retention of sensitive immigration records.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is described as an Asia arrival-card assistant, but the instructions expand behavior to arbitrary countries via live web_search. This is a scope-expansion issue: it can cause the agent to operate beyond reviewed content and rely on unverified, time-sensitive search results, increasing the chance of misinformation or unsafe guidance. In a travel-document context, inaccurate official-entry guidance can materially harm users.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill adds document OCR and structured extraction for passports, tickets, and hotel bookings, which is materially beyond 'filling guidance' and 'automation script suggestions.' This introduces collection and processing of highly sensitive personal and travel data, expanding both privacy risk and attack surface without corresponding safeguards or explicit necessity boundaries.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Passport MRZ extraction is a high-sensitivity identity-processing capability that exposes passport number, full legal name, birth date, nationality, sex, and expiry in a normalized format. In this skill, that capability is more dangerous because the context is a general travel-assistance workflow, not a narrowly governed identity-verification system, so users may be induced to upload identity documents without strong protections.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The guide gives mutually inconsistent instructions about whether a personal photo must be uploaded: one section says a photo is required, while a later FAQ says no photo is needed. In a travel-compliance context, contradictory procedural guidance can cause users to omit required steps or waste time preparing unnecessary materials, increasing the risk of failed or delayed registration.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The guide conflicts on whether flight changes can be handled by editing an existing submission or require cancelling and re-registering. Because QR codes may be tied to itinerary details, inconsistent instructions can lead travelers to present outdated travel declarations, causing airport delays or denial of boarding/entry processing.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The guide conflicts on whether flight changes can be handled by editing an existing submission or require cancelling and re-registering. Because QR codes may be tied to itinerary details, inconsistent instructions can lead travelers to present outdated travel declarations, causing airport delays or denial of boarding/entry processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill asks for passport numbers, birth dates, nationality, email, flight details, and other identity/travel data without clear privacy warnings, minimization guidance, or safer alternatives. In an immigration context, this data is highly sensitive and can enable identity theft, travel profiling, social engineering, or fraud if overshared or retained.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases include broad terms such as '签证申请' and country-entry references that can invoke the skill outside the intended narrow arrival-card scenario. Over-broad invocation increases the chance the skill will process unrelated queries or sensitive travel-document contexts unexpectedly, especially since the skill also contains document-extraction behavior.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill directs users to upload passports and other travel documents for extraction of highly sensitive personal data, but does not present clear privacy, consent, minimization, retention, or sharing warnings. In a real deployment, this can normalize unsafe disclosure of identity documents and expose users to privacy harm, identity theft, or unauthorized secondary use of data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The framework explicitly includes email verification handling and saving confirmation data for immigration workflows that process passport numbers, birth dates, travel dates, and other sensitive personal data, yet it provides no privacy, storage, retention, or consent guidance. In this skill context, that omission is more dangerous because the automation targets official government immigration portals and encourages handling high-value PII that could be exposed through logs, local files, screenshots, browser profiles, or mailbox access during automation.

Ssd 3

Medium
Confidence
98% confidence
Finding
The instructions explicitly direct collection and reuse of sensitive identity and travel information for automated form filling, which creates a clear data-handling risk. Because the forms relate to government entry systems, centralized collection of these fields materially raises the harm from leakage, misuse, or unauthorized replay.

Ssd 3

Medium
Confidence
95% confidence
Finding
The checklist encourages preparing passport image copies and other personal records without any safeguards on storage, transmission, or redaction. While preparation itself can be legitimate, prompting users toward document-image handling in an agent context increases the chance that highly sensitive documents are uploaded, retained, or exposed unnecessarily.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal