ClawHub

Hotel Pricer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do hotel price searches as advertised, but it stores Amadeus API credentials and tokens locally without clearly documented or enforced secret-storage protections.

Install only if you are comfortable storing Amadeus API credentials on this machine. Use it on a private account, avoid shared or synced home directories, check that ~/.config/hotel-pricer and its config file are readable only by your user, and rotate the Amadeus secret if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to store an API key and secret but does not explain where or how those credentials are stored, whether they are encrypted, or the risks of local plaintext persistence. In an agent-skill context, unclear credential handling can cause operators to expose long-lived secrets on shared hosts, CI runners, or multi-user environments without realizing the sensitivity.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation instructs users to set an API key and secret directly via a CLI command but provides no warning about secure secret handling, storage location, shell history exposure, or least-privilege practices. In agent or shared-system contexts, this can lead to credentials being exposed through command history, process listings, logs, or insecure local configuration, enabling unauthorized API use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code persists the OAuth access token and expiry to the Viper-backed config file without any controls around secure storage, file permissions, or explicit user consent. If that config is stored in plaintext or in a shared/home directory, other local users, backups, logs, or sync tools could expose the token and allow unauthorized API use until expiry.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The command stores API credentials in a local YAML config file under the user's home directory without enforcing restrictive permissions, using secure OS keychain storage, or warning the user that long-lived secrets are being written to disk. Because the directory is created with mode 0755 and the file write relies on defaults, other local users or backup/sync tooling may be able to read or exfiltrate the credentials, leading to compromise of the external API account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal