Security audit

Letundra.com AI Travel Assistant

Security checks across malware telemetry and agentic risk

Overview

This travel skill fetches public Letundra travel pages and shows no evidence of hidden data access, persistence, or destructive behavior.

Install if you are comfortable with the assistant sending travel-related country, tag, or currency lookups to letundra.com. Do not run the bundled publish scripts unless you intentionally maintain these skills and understand they can publish through your authenticated ClawHub account. Verify critical visa and travel requirements with official sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The skill content is entirely in Russian and the prescribed output format is Russian-only, with no instruction to adapt to the user's language. This can override user expectations or system language preferences, causing misleading or inaccessible responses, though it does not directly create code-execution or data-exfiltration risk.

VirusTotal

66/66 vendors flagged this skill as clean.
