ClawHub

Urban Sports Club Booking API

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Urban Sports Club class lookup and user-directed booking or cancellation, with the main risk being local password storage and real account changes when those commands are run.

Install only if you are comfortable storing Urban Sports Club credentials locally and letting this script control your USC account for the commands you run. Keep credentials.json private, use an isolated environment, and double-check class IDs before using --book or --cancel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The module docstring materially understates the skill's behavior: beyond scanning classes, it also logs into a user account, reads bookings, books classes, and cancels bookings. In an agent/tooling context, this mismatch is dangerous because operators may grant or invoke the skill assuming it is read-only when it actually performs authenticated, state-changing actions.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation exposes account-modifying commands for booking and cancellation without any warning, confirmation requirement, or explanation that these actions can change the user's live Urban Sports Club account state. In an agent skill context, that increases the risk of unintended bookings/cancellations, especially if the skill is invoked by automation or an LLM that may not clearly distinguish read-only from write actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads plaintext credentials from a local file and submits them to a remote login form, but provides no meaningful warning, consent flow, or safeguards around handling sensitive data. In an agent skill setting, this increases the chance that a user unknowingly authorizes credential use or stores secrets insecurely on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script can book or cancel classes immediately based solely on command-line arguments, without a just-in-time confirmation prompt or dry-run safeguard. Because these are authenticated, state-changing actions against a real account, accidental invocation or misuse can directly alter the user's bookings and potentially incur penalties or loss of reservation slots.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal