Hotel Price-Drop Monitoring Skill - by RollingGo

Security checks across malware telemetry and agentic risk

Overview

This hotel price-watching skill is coherent and disclosed, but users should protect the RollingGo API key and understand it may involve travel-watch data handled by the host agent.

Install only if you trust RollingGo and are comfortable sharing hotel-search and booking-context details with its CLI/service. Set the API key via an environment variable rather than typing it directly into commands, and only allow host-agent reminders or stored watch lists for hotels you explicitly want monitored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 81%
Finding
The top-level description includes broad trigger phrases such as hotel search, booking help, and price reminder language that are common in ordinary travel conversations. Overbroad activation can cause the skill to engage in contexts the user did not intend, leading to unnecessary collection of travel plans, hotel preferences, and booking-related details, and can crowd out more appropriate skills or system behaviors.

Vague Triggers

Medium
Confidence: 84%
Finding
The usage-scenario activation rules are open-ended, including vague conditions like expressing travel plans with price interest or wanting to know whether a hotel is worth watching. In an agent ecosystem, ambiguous triggers increase the chance of unintended invocation and premature prompting for itinerary or reservation data, which is a privacy and workflow-integrity concern even without malicious code.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation explicitly shows passing the API key via the `--api-key` command-line flag, which can expose the secret through shell history, process listings, CI logs, or terminal recordings. In this skill context, users may copy-paste commands directly, so the example materially increases the chance of credential leakage even though it is presented as convenience guidance rather than an attack.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly shows passing the API key inline on the command line, which can expose credentials through shell history, terminal logging, process inspection, and copied transcripts. In this hotel-booking skill context, the key likely grants access to a live third-party service, so accidental disclosure could enable unauthorized API use, quota abuse, or account misuse.

VirusTotal

63/63 vendors flagged this skill as clean.
