Travel Customizer

Security checks across malware telemetry and agentic risk

Overview

This skill sends customer travel details to Feishu, but its documentation overstates what it can manage and gives weak privacy and retention controls.

Install only if you control the destination Feishu table and are comfortable storing customer names, phone numbers, budgets, and trip details there. Limit the Feishu app to the minimum permissions needed, tell users before submission where their data goes, and do not rely on the advertised search, update, delete, or privacy-masking behavior until the publisher aligns the code and documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and relies on access to environment variables and networked Feishu APIs, but the manifest does not declare corresponding permissions. This creates a transparency and governance problem: users and platforms cannot accurately assess the skill’s actual capabilities, and undeclared secret/network access increases the risk of unexpected data exposure or unauthorized external communication.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior claims itinerary generation, search, update, and deletion, while the analyzed implementation reportedly only adds requirement records to Feishu. This mismatch is security-relevant because users may disclose sensitive travel plans or rely on management/delete capabilities that do not actually exist, leading to data retention, false expectations, and potentially unsafe operational decisions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that user travel requirements are automatically structured and stored in Feishu Bitable, and the examples show collection of personal data such as name and phone number. However, it does not clearly disclose data collection, transmission to a third-party service, retention, or access scope, nor does it obtain explicit privacy consent, which creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises deletion capability without warning users that records may be permanently removed or that confirmation should be required before destructive actions. In a travel-planning context, accidental deletion can cause loss of itineraries and associated personal planning data, especially if the agent acts on ambiguous user requests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to configure Feishu App Secret and other tokens but provides no security guidance on storing, rotating, or restricting those credentials. Because these secrets grant access to Feishu resources, poor handling can lead to account compromise, unauthorized table access, or leakage of travel-related personal data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill collects and transmits personal data including name, phone number, destination, budget, and special requirements to a third-party Feishu service without any visible consent, disclosure, or privacy notice in this code path. In a travel-planning context this increases privacy and compliance risk because users may not realize their data is being stored in an external business system.

External Transmission

Medium
Category
Data Exfiltration
Content
"records": [{"fields": fields}]
        }
        
        resp = requests.post(url, headers=headers, json=payload, timeout=10)
        resp.raise_for_status()
        result = resp.json()
Confidence
72% confidence
Finding
requests.post(url, headers=headers, json=

VirusTotal

65/65 vendors flagged this skill as clean.
