Travel In China

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu-based travel lead collector, with privacy and documentation caveats but no artifact-backed malicious behavior.

Install only if you are comfortable sending travelers' contact and trip details to your configured Feishu Bitable. Use a dedicated Feishu app and table with minimal permissions, protect the App Secret, obtain explicit consent before submission, and treat the advertised itinerary search/update/delete features as unsupported unless the publisher adds matching tools and safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The skill claims to be a tourism lead-collection assistant, but later expands into full itinerary CRUD against Feishu Bitable. This scope expansion can cause the agent to invoke more powerful data-modification operations than users would reasonably expect, increasing the risk of unauthorized record creation, alteration, or deletion.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README explicitly describes collecting sensitive travel-related personal data such as nationality, contact details, visa-assistance needs, and potentially passport information, and sending it to Feishu, but it does not provide clear user-facing disclosure about consent, retention, access control, cross-border transfer, or applicable privacy obligations. In a workflow handling international travelers' personal data, this omission increases the risk of non-compliant data collection and unsafe deployment by operators who may not realize the sensitivity of the information being processed.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The skill metadata and opening instructions mix two distinct roles and do not define clear activation boundaries. Ambiguous scope makes it easier for the agent to trigger in unintended contexts and perform actions outside the user's expected workflow, especially when later combined with database write and delete capabilities.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs the agent to collect personally identifiable information such as full name, contact details, nationality, travel dates, and special requirements, then store it in Feishu, but provides no user notice, consent flow, retention statement, or data-handling safeguards. This creates privacy and compliance risk and can expose sensitive travel-related personal data if mishandled or accessed by unauthorized parties.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documented update and delete capabilities allow modification or removal of stored travel records without any requirement for user verification, record ownership checks, or destructive-action warning. In context, this makes accidental or unauthorized tampering with stored customer data more likely, especially given the ambiguous role definition and broad tool access.

VirusTotal

64/64 vendors flagged this skill as clean.
