smart-hotel-search

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent hotel-search purpose, but it asks users to install browser automation that can use a logged-in Xiaohongshu Chrome session without enough safety warnings or limits.

Install only if you are comfortable with third-party CLI and browser-extension automation using a logged-in Xiaohongshu session. Prefer a separate Chrome profile or low-risk account, review OpenCLI and FlyAI before installing, protect any FlyAI API key, approve the exact searches before they run, and disable the extension or log out when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger condition is broad enough that the skill may activate for many hotel-related requests that only partially fit its purpose, causing the agent to route user queries through external content search and booking workflows unnecessarily. In a security context, over-broad activation increases exposure to third-party tools, scraped user-generated content, and unnecessary account/session usage, which expands the attack surface and can lead to inappropriate tool invocation or data handling.

Missing User Warnings

Medium
Confidence: 91%
Finding
The examples direct searches and booking lookups through third-party services such as 小红书 and 飞猪, but do not warn that destination, dates, pet ownership, family status, and other travel preferences may be transmitted to those external platforms. In a hotel-search skill, that omission can cause unintended disclosure of sensitive user context and profiling data, especially when users may assume the agent is handling the request locally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide tells users to set FLYAI_API_KEY directly on the command line without warning that this is a sensitive secret. Doing so can expose the key through shell history, shared terminals, process monitoring, screenshots, or synced config files, which can lead to unauthorized API use and quota or billing abuse.

Missing User Warnings

High
Confidence: 97%
Finding
The document instructs users to install opencli specifically to reuse a local Chrome login session and then log into Xiaohongshu, but it does not clearly warn that this grants the tool access to an authenticated browser context and potentially session-linked site data. That materially increases the risk of account misuse, unintended actions on behalf of the user, scraping of private data, or compromise if the tool or extension is malicious or overly privileged.

VirusTotal

58/58 vendors flagged this skill as clean.
