ClawHub

RG旅行预订

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform travel search as advertised, but it sends travel details and an optional proxy token to a cloud proxy whose destination can be changed through an undocumented environment variable.

Review before installing. Use this only if you are comfortable sharing travel-search details with the RG cloud proxy and receiving commission-tracked booking links. Do not set RG_PROXY_URL unless it points to a trusted endpoint, and avoid providing PROXY_TOKEN unless you trust the configured proxy destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'req' from os.environ.get (line 27, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            data = json.loads(resp.read().decode("utf-8"))
            return data
    except urllib.error.HTTPError as e:
Confidence
90% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill does mention commission in the body, but it does not present commission tracking as a prominent user-facing warning at description/consent time. Because booking links include affiliate tracking, insufficient disclosure can undermine informed consent and create privacy/commercial-manipulation risk for users.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill sends user-provided travel details such as cities, dates, hotel names, and booking-related identifiers to a remote proxy service, but the code contains no disclosure, consent, or privacy guardrails. Travel itinerary data can be sensitive personal information, so silent transmission to a third party creates a real privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal