ClawHub

酒店比价

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it embeds a reusable proxy token while claiming the script contains no API keys, so it needs review before installation.

Install only if you are comfortable sending hotel search details to the publisher's cloud proxy and third-party travel platforms. The publisher should remove and rotate the embedded proxy token, make external data sharing clearer, and narrow triggers before this is treated as a low-risk install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The script hardcodes a live proxy token despite claiming secrets are stored only in environment variables. Anyone with access to the code can reuse the token to call the proxy, potentially abusing the backend service, extracting proxied data, or incurring unauthorized cost and quota consumption.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger conditions are broad enough to activate on many generic travel or lodging-related requests, which can cause the skill to run and send user queries to external services without sufficiently specific intent. In this context, over-triggering is risky because the skill performs networked searches and may generate third-party outbound requests or booking links from loosely related prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states it provides booking links and uses cloud proxies and third-party OTA sources, but it does not prominently warn users that their search data will be transmitted externally or that clicking links leaves the host environment. This creates a transparency and privacy risk, since users may unknowingly disclose travel plans or be redirected to third-party booking pages.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The function sends user-provided search inputs such as city, dates, and keywords to a remote proxy service without any clear disclosure to the user. In a travel skill, these inputs can reveal itinerary and location preferences, so silent transmission to a third-party endpoint creates a privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Embedding a sensitive proxy credential directly in code makes the credential recoverable by anyone who can inspect the skill package. This can enable unauthorized proxy access and backend abuse, and the lack of disclosure compounds the risk by hiding that privileged external access exists at all.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal