ClawHub

Shared Bike

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as shared-bike help, but its instructions mostly describe unrelated travel, flight, ticketing, and boarding-pass features without explaining how those capabilities are supported.

Install only if you are comfortable with a low-capability instruction-only skill whose documentation is internally inconsistent. Do not rely on it for real-time travel, ticketing, check-in, boarding-pass, insurance, or bike-unlock actions unless the publisher corrects the scope and documents actual supported data sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest claims this skill is limited to shared-bike unlocking, ride range, and pricing guidance, but the body describes broad travel-booking, flight, ticketing, weather, and itinerary functions. This scope mismatch can cause the agent to invoke the skill in contexts far beyond its declared purpose, increasing the risk of inappropriate routing, user deception, and unauthorized handling of travel-related requests or data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example triggers are generic templates such as handling arbitrary 'specific scenario tasks' or 'core functions,' which do not constrain when the skill should activate. In the presence of already mismatched documentation, these broad phrases can lead to over-triggering for unrelated travel or commerce tasks, causing unsafe delegation and confusing users about the skill's real scope.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal