ClawHub

酒店智能搜索

Security checks across malware telemetry and agentic risk

Overview

This hotel-search skill is purpose-aligned and disclosed, but users should understand that their travel queries are sent through the publisher's cloud proxy to travel and map services.

Install only if you are comfortable sending hotel, destination, and nearby-food queries through the publisher's Tencent Cloud proxy to Fliggy and Gaode. Avoid entering sensitive personal details in searches, and treat prices and booking links as live third-party results that should be verified before purchase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill advertises a narrow 5-tool hotel workflow, but `_build_tips` injects unrelated recommendations such as attractions, train tickets, flights, and city transport into outputs. This is a capability-misrepresentation issue that can mislead users or downstream agents into believing the skill supports functions outside its declared scope, increasing the chance of unintended tool chaining or trust abuse.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code sends user-provided hotel queries and geolocation-related address data to external proxy endpoints (`FLIGGY_PROXY` and `GAODE_PROXY`) without any visible consent, notice, or data-handling disclosure. Because travel queries can reveal sensitive location, itinerary, or accommodation preferences, undisclosed third-party transmission creates privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
A hardcoded proxy token is embedded directly in the script and then sent on every outbound request. Embedded secrets are easily exposed through source distribution, logs, or reuse in other environments, allowing unauthorized use of the proxy service and possible abuse of associated quotas or backend access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal