ClawHub

游轮船票查询

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed travel lookup functions through external proxy APIs and does not show hidden persistence, destructive behavior, or user credential access.

Install only if you are comfortable sending cruise searches, city names, route addresses, attraction keywords, and hotel preferences to the skill author’s proxy services and downstream travel providers. Avoid putting sensitive personal details in free-form hotel or transport queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly relies on external networked services ('代理服务', tourism platform APIs, map data providers) but does not declare corresponding permissions. This creates a transparency and governance gap: users and platforms cannot accurately assess what outbound data access the skill performs, while user-supplied travel queries and locations are sent off-platform to third parties. In this context, the behavior is expected for the feature set, but the lack of explicit permission declaration still makes the data flow less auditable and increases privacy and policy risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The proxy helper sends user-supplied travel searches, addresses, destinations, and city data to third-party SCF proxy endpoints, but the code contains no user-facing notice, consent, or minimization logic. This creates a privacy and data-handling risk because itinerary and location data can be logged or retained by external services outside the user’s expectation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The proxy token is hardcoded in source and automatically attached to every outbound request, which risks credential leakage through source exposure, reuse across environments, or accidental redistribution of the skill. If the token is compromised, an attacker could abuse the proxy services, impersonate the skill, or consume paid/back-end resources.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal