ClawHub

全球酒店搜索与推荐

Security checks across malware telemetry and agentic risk

Overview

This hotel-search skill sends travel search details to a disclosed cloud proxy for hotel results, which matches its purpose, but users should understand the privacy tradeoff before using it.

Install only if you are comfortable sending hotel destination, travel dates, preferences, occupancy, and any child-related booking details to the skill's cloud proxy. Avoid including unnecessary personal details in the query, and treat returned prices and booking links as external-service results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends user travel queries and booking-related details to a remote proxy service, which can include sensitive itinerary and preference data. In a travel context, this can reveal destination, dates, business travel intent, family status, and other personal information without any visible consent, minimization, or privacy notice in the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Hotel detail requests transmit child-count and child-age information to the remote backend, which is especially sensitive because it concerns minors. Even if needed for booking accuracy, sending this data without clear notice, minimization, or controls increases privacy risk and may trigger compliance concerns depending on jurisdiction.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The proxy token is hardcoded in source, exposing reusable credentials to anyone with code access and making accidental leakage through repositories, logs, or packages likely. If the token grants access to backend services, attackers could abuse the proxy, incur cost, extract data, or impersonate the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal