ClawHub

Vacation Rental Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TIDY vacation-rental integration, but it needs review because it gives agents broad property-management authority and encourages sharing sensitive property access data without enough safeguards.

Install only if you trust TIDY with rental operations, guest timing, property addresses, and access instructions. Require explicit approval before booking, canceling, deleting, or rescheduling anything; avoid putting gate or lockbox codes in prompts unless strictly necessary; protect or avoid the local credentials file; and rotate or revoke tokens where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documented MCP surface includes account signup/login plus a broad freeform action channel that extends beyond the skill’s advertised vacation-rental turnover and cleaning scope. This creates a scope-expansion risk where an agent or user may invoke sensitive account actions or unrelated property-management operations without clear least-privilege boundaries.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
Telling clients to use a freeform remote tool for “everything” and “ALL property management requests” effectively removes functional guardrails and encourages agents to delegate arbitrary tasks to an external service. In this skill context, that is more dangerous because the manifest presents a narrower operational purpose, so consumers may underestimate the breadth of actions and data exposure involved.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents cancellation of reservations and bookings as simple natural-language actions without warning about operational impact, confirmation requirements, or reversibility. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions that could disrupt guest stays, revenue, and scheduling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill encourages sending property access details such as gate codes, lockbox codes, and parking instructions to a third-party platform without any privacy or security warning. These details are highly sensitive physical-security data; exposure or mishandling could enable unauthorized property access, theft, or guest safety issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation recommends storing long-lived bearer tokens in a persistent local credentials file (`~/.config/tidy/credentials`) and states that tokens do not expire while previously issued tokens remain valid. This creates durable credential exposure risk if the host is compromised, backups are leaked, file permissions are weak, or shared environments are used, and the guidance does not clearly warn users about those risks or advise safer storage practices.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to submit account credentials and receive an API token but provides no warning about handling secrets, storage, redaction, or transmission risks. This can lead to accidental credential exposure in prompts, logs, client configs, or agent traces, especially in MCP environments where tool inputs may be recorded.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The docs direct users to send arbitrary natural-language requests through a remote freeform tool without warning that the full request content may be transmitted off-platform and processed externally. In a vacation-rental workflow, those messages may contain guest details, addresses, booking data, or operational secrets, making silent data exfiltration a realistic risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow examples instruct users to send guest reservation details and exact property addresses to an external service, but they do so without any privacy warning, data-minimization guidance, or note about handling guest PII. In a vacation-rental context, reservation timing and property location are sensitive operational data that could expose occupancy patterns or personal information if copied, logged, or shared inappropriately.

Missing User Warnings

High
Confidence
97% confidence
Finding
The examples include highly sensitive access information such as gate codes, lockbox codes, and key locations directly in commands and sample data, without any caution about secure handling. In this domain, these details directly enable physical access to properties, so normalizing their inclusion in plaintext examples materially increases the risk of unauthorized entry, leakage via logs, screenshots, shell history, or copied documentation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal