ClawHub
Back to skill

Security audit

UTravel

Security checks across malware telemetry and agentic risk

Overview

UTravel is a travel-planning skill with disclosed preference memory that fits its purpose, though users should understand what is saved.

Install only if you are comfortable with a travel assistant remembering your trip preferences for future planning. Avoid sharing sensitive health, identity, or accessibility details unless needed, and look for a way to view, disable, or delete saved preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly states it will store user profile attributes such as user type, travel style, preferences, and accommodation preferences for future personalization, but it provides no consent flow, privacy notice, retention period, or opt-out. This creates a privacy risk because personal preference data can be collected and persisted beyond the immediate task without the user's informed agreement.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs persistent storage of user profile details for future use without any mention of consent, minimization, retention limits, or access controls. Because these attributes may reveal behavioral patterns and potentially sensitive context such as age group or special needs, retaining them indefinitely increases privacy exposure and downstream misuse risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
The output example normalizes saving the user's preferences with the statement that the preferences have been recorded for future use, again without explicit permission. This is dangerous because examples shape implementation and user expectations, encouraging silent data retention as a default behavior.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal