ClawHub

景点门票聪明买

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed travel ticket price comparison tool, but it routes searches through external proxy services using an embedded proxy token.

Before installing, understand that attraction names, cities, and ticket queries will be sent to external proxy services and travel-platform APIs. Avoid entering sensitive personal or account information, and the publisher should move the embedded proxy token out of source code and document the contacted services more clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly describes making outbound requests through an agent service to multiple travel-platform APIs, which is network-capable behavior, yet the skill metadata shows no declared permissions or equivalent disclosure. This creates a transparency and governance gap: users and platform operators may not realize the skill sends user-supplied attraction queries to external services, making review, consent, and policy enforcement harder.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script embeds a reusable proxy authentication token directly in source code and automatically attaches it to outbound requests to external SCF endpoints. Anyone with access to the code can extract and reuse the token to call the proxy service outside the intended skill flow, potentially causing unauthorized usage, quota exhaustion, or access to proxy-backed data/services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Authenticated network requests are performed using a hardcoded proxy token without any user-facing disclosure that requests are being routed through an external proxy service. This creates both a credential exposure issue and a transparency/privacy issue, because users cannot meaningfully consent to their queries being sent to third-party infrastructure under embedded credentials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal