Skillv1.1.0

ClawScan security

LovTrip AI Travel Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 5:30 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions ask you to fetch and run code (npx lovtrip@latest) and to provide API keys, but the registry metadata does not declare those install steps or required environment variables — this mismatch and the unpinned runtime install are concerning.
Guidance: This skill appears to be a legitimate travel planner, but there are transparency and supply-chain concerns you should address before installing or running it: - Do not run `npx lovtrip@latest mcp` blindly. `npx ...@latest` downloads and executes the latest package from npm and can change behavior over time. Prefer a pinned version (e.g., lovtrip@1.2.3) and inspect the package source first. - The SKILL.md asks for AMAP_API_KEY and OPENROUTER_API_KEY but the registry metadata doesn't declare these — ask the publisher to update the manifest to list required env vars and explain how credentials are used and stored. - Verify the package provenance: check the lovtrip npm package page and the upstream repository (source code, maintainer, recent commits, and issues) before giving it API keys or running it in your agent environment. - If you must test, run the npx command in an isolated environment (ephemeral container) with only the minimal API keys and network access required, and with logging/monitoring in place. - Consider least-privilege API keys (restrict by referrer/IP and scope) for mapping and routing services, and avoid providing broad account credentials. If the publisher cannot provide a source repo and a pinned release and cannot update the registry metadata to declare required environment variables, treat the skill as higher risk and avoid installing it.

Review Dimensions

Purpose & Capability: concernThe SKILL.md clearly intends to use external mapping/routing APIs (高德/AMAP and OpenRouter) and a lovtrip CLI via `npx lovtrip@latest mcp`. However the registry metadata lists no required env vars or install requirements. Asking for AMAP_API_KEY and OPENROUTER_API_KEY in the setup is coherent with a travel planner, but those credentials should be declared in the skill metadata; their absence is an incoherence and a transparency issue.
Instruction Scope: concernRuntime instructions include a 'Setup' snippet that runs `npx ... lovtrip@latest mcp` (i.e., fetch-and-execute via npx) and references env vars. The skill allows Bash as a tool, so an agent could actually execute that command. The SKILL.md otherwise stays within travel planner functionality, but the instruction to fetch and run external code at runtime expands scope in a way not reflected in the manifest and without guidance on safety or provenance.
Install Mechanism: concernThere is no declared install spec in the registry, but the documentation instructs using `npx lovtrip@latest` to run a CLI. Using unpinned `@latest` via npx downloads code from the npm registry at runtime — a supply-chain risk. The registry should either include a vetted install spec or explicit, pinned instructions and a source repo to review; that is missing here.
Credentials: concernThe SKILL.md example requires AMAP_API_KEY and OPENROUTER_API_KEY (and mentions Google API when using mapProvider=google), but the declared required env vars in the registry are empty. Requesting API keys for mapping/routing is reasonable for this purpose, but the omission from metadata and lack of guidance about scopes/permissions and storage is a proportionality and disclosure issue.
Persistence & Privilege: noteThe skill does not request 'always: true' and is user-invocable only. That is reasonable. However, because it allows Bash and instructs running npx to fetch/execute a package, it gains the effective ability to run arbitrary code during a session if the agent follows the setup — a runtime privilege the user should be aware of. The skill does not claim to modify other skills or system-wide settings.