Discover and Book Activities in Any City

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Outgoing activity-search and booking integration, with real-purchase capability disclosed and bounded by confirmation guidance.

Install only if you are comfortable giving this skill an Outgoing/AAuth credential and sending activity queries, city hints, and optional location details to Outgoing. Use dry-run tokens first, require explicit user confirmation before any real ticket purchase or reservation, and use X-External-User-Id only for users who have been provisioned and consented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises booking tickets and making reservations but does not include an explicit warning or consent checkpoint before external transactions. In an autonomous-agent context, this increases the risk of unintended purchases or reservations being made from ambiguous user requests, especially since the skill is framed as working 'out of the box' with authentication.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrase includes the standalone term "accessible," which is overly broad and can cause the skill to activate for unrelated requests about accessibility, accommodations, or document/UI accessibility. In an agent setting, that misrouting can send user queries and location/context to an external activity-search API when the user did not intend to invoke this skill.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly states that API calls act as the user bound to the key by default and also documents acting for a specific user by setting `X-External-User-Id`, but it provides no warning about authorization checks, consent, or privacy implications. In an agent setting, this can normalize cross-user actions and lead to unauthorized searches, bookings, or data access if an integrator passes arbitrary user IDs or misunderstands the trust model.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly states that API calls act as the user bound to the key and can also act for a specific user via X-External-User-Id, but it does not require user consent, identity verification, or privacy notice before doing so. In a booking/discovery context, this can lead to searches or downstream actions being performed on behalf of another person without clear authorization, exposing personal preferences, account linkage, or enabling unauthorized reservations.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill sends natural-language prompts and optional location data to a third-party API, but it does not clearly warn users that their query content and location hints may be transmitted externally. This creates a privacy and transparency risk, especially because users may include sensitive personal details about plans, whereabouts, or companions in free-form queries.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly states that API calls may act as the user bound to the key and encourages sending location coordinates (`lat`/`lng`) or acting for a specific external user, but it does not require explicit user notice or consent before transmitting that personal context to a third-party API. In a trip-planning context, location, itinerary, and user identity linkage can reveal sensitive travel patterns, making silent transmission a meaningful privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.
