multi-concert-trip-planner

Security checks across malware telemetry and agentic risk

Overview

This skill behaves consistently with its stated purpose of planning concert trips. It discloses that it keeps local history snapshots, and it applies a ranking caveat that users should understand.

Install if you want concert-trip planning with external searches and local change tracking. On shared machines, review or delete the snapshots directory after use, and ask the agent to ignore or adjust the Taiwan-related ranking penalty if it does not match your travel documents or preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium, 96% confidence
Finding
The scoring logic hard-codes a blanket penalty for Taiwan-based events based on a specific political/travel-policy viewpoint rather than user-selected travel constraints. This introduces discriminatory regional bias into ranking outputs and can systematically suppress relevant options, producing unfair or misleading recommendations for users whose nationality or travel eligibility differs from the assumed profile.

Description-Behavior Mismatch

Medium, 86% confidence
Finding
The design introduces persistent local snapshot storage of user search history and concert results, which goes beyond the core trip-planning/search behavior described and creates a privacy/data-retention surface. Even if the stored data seems low sensitivity, it can reveal user interests, travel plans, and usage history without clear consent or retention controls.

Context-Inappropriate Capability

Medium, 81% confidence
Finding
The markdown instructs use of shell commands and symlink manipulation for snapshot lookup and latest-pointer management, which expands the skill from simple planning logic into filesystem operations. If artist-derived filenames are not strictly sanitized, this pattern can enable path manipulation, unintended file access, or overwriting behavior in the user's home directory.

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The example introduces stateful behavior not clearly bounded by the skill’s stated purpose: it loads prior snapshots, writes new snapshots, and computes diffs over time. Even if intended for convenience, this creates retention of historical query data and derived user-interest profiles, which can expose sensitive preferences or create undocumented persistence beyond a single session.

Natural-Language Policy Violations

High, 98% confidence
Finding
The skill defaults to a Mainland China user perspective and applies that assumption to all users without consent, causing politically and regionally biased ranking behavior. In a travel-planning skill, this is especially risky because it directly shapes recommendations and may exclude or demote valid itineraries based on sensitive geopolitical assumptions rather than user needs.

Missing User Warnings

Medium, 92% confidence
Finding
The skill states that snapshots are automatically saved locally after each search, but it does not provide an explicit user warning or consent mechanism for persistent storage. Silent retention of search history is dangerous because users may reasonably expect a search/planning workflow to be transient, not logged to disk.

Missing User Warnings

Medium, 95% confidence
Finding
The examples show reading and writing local snapshot files without informing the user that their prior searches may be persisted. In this travel-and-entertainment context, stored queries can reveal location, artist preferences, travel plans, and repeated behavior patterns, making the omission a privacy and transparency issue rather than a harmless implementation detail.

VirusTotal

64/64 vendors flagged this skill as clean.
