Booking Real Time Hotel Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent hotel-search skill that uses a RapidAPI key to query a Booking Live API, with no evidence of hidden storage, persistence, or malicious behavior.

Install only if you are comfortable sending hotel search details to RapidAPI/Booking Live API. Use a dedicated RapidAPI key with quota or billing limits, monitor usage, and disable the skill or narrow invocation if broad travel prompts should not trigger API calls automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill directs the agent to invoke `curl` and use the `RAPIDAPI_KEY` environment variable, which expands the skill's operational scope beyond plain outbound HTTP and into shell execution plus secret handling. That creates unnecessary risk because user-controlled inputs may be incorporated into shell commands and the API key is exposed to command execution context rather than being handled through a safer native HTTP interface.

Scope Creep

High, 97% confidence
Finding
The skill declares only `network:outbound` permission but instructs use of shell commands and environment-variable access, creating a capability mismatch. This is dangerous because reviewers, policy engines, or users may trust the declared permission set while the instructions attempt to exercise more powerful behaviors, undermining sandbox and consent assumptions.

Vague Triggers

Medium, 86% confidence
Finding
The trigger set includes very broad patterns like `booking`, `accommodation`, `stay in`, and `hotel for`, which are likely to activate in ordinary conversation without clear user intent to invoke this skill. Overbroad triggering increases the chance of unintended third-party data transmission, surprise network activity, and accidental use of the RapidAPI-backed integration.

Missing User Warnings

Medium, 89% confidence
Finding
The skill documentation does not clearly warn users that their travel queries, dates, destinations, and preferences will be sent to a third-party API provider via RapidAPI. In this context, the missing disclosure is significant because travel itinerary details can be sensitive, and broad triggers make silent transmission more likely.

VirusTotal

64/64 vendors flagged this skill as clean.