ClawHub

Golf Tee Times

Security checks across malware telemetry and agentic risk

Overview

The skill can search tee times, but it also instructs agents to use stored GolfNow credentials and saved payment details to complete real bookings.

Review carefully before installing. This skill is not just a tee-time search helper: it includes instructions for logging into GolfNow, applying rewards, relying on a saved AMEX card, sending checkout screenshots, and completing a paid reservation after approval. Install only if you intentionally want booking authority and are comfortable with the local credential and payment setup it expects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
A search-and-compare skill escalates into executing real bookings with stored credentials and payment instruments. That is a materially different, high-risk action domain involving account access and financial transactions, which exceeds the stated purpose and increases the chance of unauthorized purchases.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The instructions retrieve GolfNow credentials from a vault for login even though the skill is presented as a tee-time discovery tool. Accessing stored secrets without clear necessity or up-front user consent creates account-takeover and misuse risk if the skill is invoked unexpectedly or manipulated.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
The skill instructs use of a saved payment method to complete reservations, enabling direct spending from a skill whose stated purpose is informational. This can lead to unauthorized financial transactions, especially when paired with stored login state and broad invocation rules.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation description is broad enough to trigger on generic golf-related requests, not just tee-time search. Overbroad activation increases the chance the skill runs in contexts where the user did not intend account access, booking preparation, or network calls.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The 'When to Use' section lacks hard boundaries and can activate the skill for vague requests like 'play a round' or general golf planning. In a skill that also contains booking and credential instructions, ambiguous invocation materially raises misuse risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill accesses stored credentials without an up-front warning that account secrets will be used. Users may think they are merely searching tee times, while the skill silently crosses into authenticated account operations.

Ssd 3

High
Confidence
98% confidence
Finding
Embedding natural-language instructions to retrieve and reuse stored account credentials exposes a sensitive operational pathway directly in the skill. This lowers the barrier to secret misuse and normalizes authenticated actions without strong boundary checks.

Ssd 3

High
Confidence
97% confidence
Finding
The skill tells the agent to send screenshots of the final checkout page to the user, which may expose billing details, saved card information, personal data, discounts, or session-specific account information. Screenshot-based disclosure is difficult to sanitize reliably and can leak more than intended.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal