Travel Search Ru

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is coherent and disclosed, but users should understand that travel queries and booking-link details are sent to external travel APIs and a proxy/shortener.

Install only if you are comfortable sharing travel-search details with the listed travel providers and the api.botclaw.ru proxy/shortener. Avoid unnecessary sensitive details, be cautious when searches include children’s ages, use explicit departure cities instead of IP geolocation, and inspect shortened links before booking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly instructs the agent to perform outbound HTTP requests, yet no explicit permissions model is declared. This creates a governance gap where network access exists without transparent declaration or least-privilege constraints, making abuse or accidental data exfiltration harder to detect and review.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The skill claims a narrow travel-search purpose, but the implementation pattern is effectively a generic HTTP client driven by instructions in markdown. It also relies on intermediary and additional hosts not clearly disclosed in the description, which weakens user consent and creates room for unexpected network actions beyond the stated travel integrations.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger terms are broad enough to activate on ordinary conversation about vacations or trips, increasing the chance the skill runs when the user did not intend external travel searches. In this skill, unintended activation matters because execution leads to third-party network requests and sharing of travel-related query details.

Natural-Language Policy Violations

Severity: High
Confidence: 97%
Finding: The excursion example hard-codes `"lang":"ru"`, and the skill metadata is Russian-focused, indicating the agent may force Russian-language queries regardless of user preference. This can degrade user autonomy, lead to incorrect or inaccessible results, and route searches through a language setting the user did not consent to, especially for non-Russian speakers.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation states that origin may be auto-detected from the user's IP if omitted, but it does not require user notice or consent. In a travel-search skill, this can lead to silent disclosure or inference of approximate user location to a third-party API, creating a real privacy risk even if it is not code execution or data exfiltration in the classic sense.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation encourages sending a raw IP address to a third-party geolocation endpoint without any warning, consent requirement, or data-minimization guidance. IP addresses are personal data in many jurisdictions, so this can cause privacy violations, unintended user tracking, or regulatory exposure if an agent forwards user/network metadata automatically.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Quick example — cheapest flights:**
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/v1/prices/cheap" \
  --params '{"origin":"MOW","destination":"AYT","depart_date":"2026-06","currency":"rub"}'
```
Confidence: 88%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
After getting prices, create a booking link on aviasales.ru. See [references/aviasales-links.md](references/aviasales-links.md) for URL format, then get a short link:
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/short-link" \
  --params '{"url":"https://www.aviasales.ru/search?origin_iata=MOW&destination_iata=AYT&depart_date=2026-06-01&return_date=2026-06-15&adults=1&children=0&infants=0&trip_class=0"}'
```
Confidence: 94%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Step 1 — start search:**
```bash
python scripts/api_call.py --method POST \
  --url "https://api.botclaw.ru/travelata-partners/tours/asyncSearch" \
  --body '{"departureCity":2,"country":92,"checkInDateRange":{"from":"2026-06-08","to":"2026-06-22"},"nightRange":{"from":"7","to":"10"},"touristGroup":{"adults":2,"kids":1,"infants":0,"kidsAges":[8]},"hotelCategories":[4,7],"meals":[1,8]}'
```
Confidence: 90%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Step 2 — fetch tours** (same criteria; pass arrays as `key[]`):
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/travelata-partners/tours" \
  --params '{"departureCity":"2","country":"92","checkInDateRange[from]":"2026-06-08","checkInDateRange[to]":"2026-06-22","nightRange[from]":"7","nightRange[to]":"10","touristGroup[adults]":"2","touristGroup[kids]":"1","touristGroup[infants]":"0","touristGroup[kidsAges][]":["8"],"hotelCategories[]":["4","7"],"meals[]":["1","8"],"sections[]":["hotels","meals"],"limit":"30"}'
```
Confidence: 90%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Build the booking URL** from `tour.hotel` and `tour.id`, then convert through `/short-link`:
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/short-link" \
  --params '{"url":"https://travelata.ru/hotel/<tour.hotel>/tourPage?identity=<tour.id>"}'
```
Confidence: 91%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Quick example:**
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/leveltravel/tours" \
  --params '{"departure_key":"moscow","country_iso2":"TR","date_from":"2026-05-01","date_to":"2026-05-15","nights_min":"7","nights_max":"10","stars_min":"4","limit":"20"}'
```
Confidence: 87%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Quick example — excursions in Kemer:**
```bash
python scripts/api_call.py --method GET \
  --url "https://api.botclaw.ru/sputnik8/v1/products" \
  --params '{"city_id":"420","limit":"10","lang":"ru","currency":"rub","order":"rating","order_type":"desc"}'
```
Confidence: 89%
Finding: https://api.botclaw.ru/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
### 4. Utilities

- **City/airport lookup:** [references/travelpayouts-utils.md](references/travelpayouts-utils.md) — autocomplete and IATA resolver
- **Short links:** `GET https://api.botclaw.ru/short-link?url=<URL>` — get a short booking link for any travel URL
- **Airline logos:** `http://pics.avs.io/{width}/{height}/{IATA}.png` (e.g. `http://pics.avs.io/200/200/SU.png`)
- **Currency rates to RUB:** `GET http://yasen.aviasales.ru/adaptors/currency.json`
Confidence: 93%
Finding: https://api.botclaw.ru/

VirusTotal

VirusTotal findings are pending for this skill version.
