ClawHub

万豪酒店预订

Security checks across malware telemetry and agentic risk

Overview

The hotel-search behavior is mostly purpose-aligned, but the skill appears to route travel queries through an under-disclosed third-party proxy and includes a hardcoded proxy credential.

Install only if you are comfortable with hotel search details being sent to an external proxy service. Avoid entering sensitive itinerary details until the publisher documents the proxy destination, data handling, and credential management, and rotates/removes the embedded token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly describes sending user queries to an agent service and downstream travel platform APIs to fetch real-time hotel data, which confirms networked data handling despite no declared permissions. This creates a transparency and governance gap: users and reviewers may not understand that destination, hotel name, and potentially date-related travel queries are transmitted to third parties, increasing privacy, compliance, and supply-chain risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-provided hotel search inputs to an external proxy service over the network, but the interface text and code provide no disclosure that user travel queries are being transmitted to a third-party endpoint. Travel dates, destinations, hotel names, and related preferences can reveal sensitive itinerary information, so silent exfiltration to a remote service creates a privacy and trust risk even if the transport is HTTPS.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code hardcodes a proxy authentication token directly in the script and uses it for every outbound request. Embedded credentials are easily exposed through source distribution, logs, or repository leaks, allowing unauthorized reuse of the proxy service and potentially enabling abuse, quota exhaustion, or access to associated backend data flows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal