ClawHub

Travel Itinerary Builder

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill has sensitive optional integrations, but the reviewed artifacts disclose them and keep them aligned with itinerary generation.

Install the base skill only if you are comfortable running local travel-planning scripts. Enable Gmail parsing deliberately, use narrow dates and keywords, and protect or delete the generated bookings JSON because it can contain reservation numbers and travel details. Review the optional gog and goplaces tools before granting them account or API credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no formal permissions while the documentation clearly indicates access to environment variables, local file read/write, and shell execution via external CLIs like curl, gog, and goplaces. This creates a transparency and governance gap: users or orchestrators may invoke a skill with broader capabilities than expected, including access to sensitive Gmail-derived travel data and API credentials.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The workflow and integrations mention Notion synchronization, but the manifest does not declare that capability or any related credentials. Undeclared external sync behavior is risky because it can lead to unreviewed transmission of sensitive itinerary and booking data to third-party services outside the expected permission model.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script writes extracted Gmail-derived travel data, including email metadata and booking details, to disk without warning, consent flow, or restrictive file-permission handling. This creates a privacy and data-exposure risk because local files may be readable by other users, synced to cloud storage, or retained longer than intended.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script accesses Gmail content and forwards a keyring-related secret into a subprocess environment without any explicit privacy notice or credential-handling safeguards. While not inherently malicious, this increases exposure of sensitive mailbox data and secrets to child processes and operational logs or debugging tools.

Missing User Warnings

Low
Confidence
88% confidence
Finding
User-supplied destination names are sent to wttr.in, an external third-party service, with no explicit consent, notice, or privacy control visible in this code path. In a travel-planning skill this data sharing is functionally expected, but it still creates a privacy issue because itinerary locations can reveal sensitive travel plans.

Credential Access

High
Category
Privilege Escalation
Content
- gog
      - goplaces
    optionalEnv:
      - GOG_KEYRING_PASSWORD
      - GOOGLE_PLACES_API_KEY
    install:
      - id: gog
Confidence
89% confidence
Finding
KEYRING

Credential Access

High
Category
Privilege Escalation
Content
This skill calls:
- `weather` — Daily forecasts
- `goplaces` — Attraction and restaurant search
- `gog` — Gmail parsing (optional, requires GOG_KEYRING_PASSWORD)
- `notion` — Sync to Notion database (optional, requires Notion API key)

## Tips
Confidence
90% confidence
Finding
KEYRING

Credential Access

High
Category
Privilege Escalation
Content
## Troubleshooting

- **Gmail parsing fails**: Check GOG_KEYRING_PASSWORD is set and account has access
- **Weather data missing**: Ensure dates are within forecast range (usually 10 days)
- **Places not found**: Try broader search terms or check goplaces API key
- **HTML rendering issues**: Open in modern browser (Chrome, Firefox, Safari)
Confidence
87% confidence
Finding
KEYRING

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal