ClawHub

TixFlow

Security checks across malware telemetry and agentic risk

Overview

TixFlow appears to be an event-ticketing assistant, but it advertises purchases, wallet-linked NFT ticketing, and calendar/account actions without clear consent, scoping, or live-vs-demo boundaries.

Review carefully before installing or enabling live credentials. Treat it as demo or unfinished unless every purchase, NFT mint, calendar write, route lookup, waitlist entry, and wallet-linked action requires explicit confirmation and shows the affected service, data shared, price, fees, wallet/account, and reversibility limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents ticket purchasing and wallet-address-based waitlist flows that may trigger blockchain-related actions, but it does not clearly warn users that these operations can affect digital assets, incur costs, or require careful wallet handling. In an agent skill context, users may treat documented functions as low-risk assistant actions, increasing the chance of unintended purchases, asset minting, or disclosure of wallet identifiers.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README advertises calendar sync and directions features without disclosing that event details, timing, and possibly location data may be sent to Google Calendar or Maps. In a conversational agent setting, users may not realize these features involve third-party data sharing, which can create avoidable privacy and consent issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises ticket purchasing and Google Calendar synchronization, which involve financial actions and disclosure of personal data to third-party services, but provides no explicit warning, consent model, or explanation of what data is sent externally. In an agent context, this increases the risk of users triggering purchases or sharing email/calendar information without understanding the consequences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example code passes a user email address to calendar sync and a wallet address to ticket purchase without any privacy notice, consent guidance, or caution about real-world effects. This normalizes handling sensitive identifiers in examples and may encourage downstream agents or developers to wire these actions directly into automation without proper user approval or data minimization.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad natural-language phrases such as "buy ticket," "add to calendar," and especially generic routing phrases like "directions to" and "get directions" that may match ordinary conversation outside the intended ticketing context. Because this skill can invoke external actions and integrations, accidental activation could lead to unintended data access, external API usage, or transactional flows being initiated without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description advertises behaviors involving ticket purchase, calendar synchronization, wallet interaction, and third-party services, but it does not warn users that the skill may trigger external network calls, mint cNFT tickets, or affect personal data/services. In a conversational agent setting, lack of clear user-facing disclosure increases the risk of users invoking sensitive actions without understanding that financial, privacy, or account-linked operations may occur.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very broad, generic terms such as "music" and "theater," which can cause the skill to activate in conversations where the user did not intend to buy tickets or invoke an event-booking workflow. In a skill that exposes ticket purchase, calendar sync, and waitlist actions, unintended activation increases the risk of privacy-sensitive data collection or accidental progression toward transactional actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes a Google Calendar sync capability using a user email address but provides no visible disclosure, consent language, or warning that calendar data will be created or modified. Because calendar integration is privacy-sensitive and can reveal attendance patterns or personal schedules, lack of explicit notice and confirmation can lead to unauthorized or surprising changes to a user's account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal