ClawHub

travel-destination-brochure

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its travel-brochure purpose, but its setup instructions include unsafe API-key handling that users should review before installing.

Review before installing. Use a dedicated VLM Run key supplied through a safe secret mechanism, do not let the agent inspect local .env files, and do not print API keys in terminal or chat. Prefer the pip/package-manager install path over remote installer scripts, and only send images or prompts to VLM Run that you are comfortable processing externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The instructions explicitly tell the agent/user to check a local .env file for an API key, which is secret discovery from local files rather than normal travel-brochure behavior. This creates a risk of unauthorized credential access and subsequent leakage or misuse, especially because the skill also performs networked operations.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The verification section again instructs reading a local .env file to find API keys, reinforcing secret harvesting behavior unrelated to the user task. Repetition increases the chance an agent will treat credential discovery as part of normal execution and expose or misuse those credentials.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to print `VLMRUN_API_KEY` to the terminal to verify configuration. Exposing secrets in shell output can leak credentials through terminal logs, screenshots, shared sessions, scrollback history, or CI logs, enabling unauthorized use of the API key.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advises echoing the API key to verify it, which prints the secret in plaintext to the terminal and potentially into logs, transcripts, or shared sessions. Combined with instructions to source it from .env, this increases the chance of credential disclosure during routine setup.

Ssd 3

High
Confidence
99% confidence
Finding
These setup instructions direct the agent/user to read local .env files to obtain API keys, which is sensitive data access outside the minimum required scope of the travel task. Because the skill also invokes external services, any discovered secret could be used immediately or accidentally transmitted.

External Script Fetching

Low
Category
Supply Chain
Content
# Using pip
pip install uv

# Or using curl installer
curl -LsSf https://astral.sh/uv/install.sh | sh
```
Confidence
90% confidence
Finding
curl installer curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
pip install uv

# Or using curl installer
curl -LsSf https://astral.sh/uv/install.sh | sh
```

**Verify installation:**
Confidence
96% confidence
Finding
| sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal