DINGs Managed AI Phone Assistant (China and Japan restaurant reservations)

Security checks across malware telemetry and agentic risk

Overview

This restaurant-booking skill is purpose-aligned, but it needs review because it can send personal booking details to TripNow/DINGs and place automated phone calls without a clearly required final consent step.

Install only if you trust the TripNow/DINGs service with reservation details and phone numbers. Before any booking call, confirm the restaurant, date and time, party size, contact phone, preferred language, callback destination, and explicit permission to place the call. Avoid putting the API key in URLs or shared logs, and use a private HTTPS callback endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are very broad and overlap with ordinary restaurant-search requests, increasing the chance the skill is invoked when a user only wants general information. In this skill, unintended invocation is more dangerous than usual because it can lead to collection of personal data and progression toward an automated outbound call workflow via a third-party service.

Missing User Warnings

High
Confidence: 96%
Finding
The description promotes restaurant booking and search but does not prominently warn users that their reservation details and phone number will be sent to an external provider and that an automated outbound call will be placed on their behalf. This creates a consent and privacy risk, especially because the skill handles personal contact data and triggers real-world actions outside the assistant.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The workflow hard-codes communication language by country, forcing zh for China and ja for Japan without user choice or confirmation. This can cause miscommunication with the restaurant or user, potentially leading to incorrect reservations, disclosure of sensitive details in an unintended language context, or actions the user did not fully understand.

VirusTotal

VirusTotal findings are pending for this skill version.
