Shanghai Disney Park Visit Assistant (上海迪士尼游园助手)

Security checks across malware telemetry and agentic risk

Overview

This Shanghai Disney helper is purpose-aligned and mostly local, with a disclosed external schedule lookup through a Gaode proxy.

Installers should understand that wait times and many recommendations are simulated or local reference data, while park-hours lookup depends on an external Gaode proxy. Do not treat ticket prices, schedules, or wait times as official real-time data; confirm important plans in the official Shanghai Disney app or website.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 73%
Finding
The description says the skill will accept broad natural-language requests and automatically infer intent, but it does not clearly bound when tools are invoked or what data will be used for routing. Overbroad trigger scope can cause unintended invocation, accidental disclosure of user travel details, or misuse in contexts the user did not intend.

Missing User Warnings

Medium
Confidence: 93%
Finding
The data-flow section states that user requests are forwarded to a Gaode Map proxy/API, but it does not clearly warn users that their query content may leave the local environment and be processed by third-party services. This is a privacy risk because itinerary preferences, timing, and family-related details in natural-language queries could be transmitted externally without informed consent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code sends request data to a third-party proxy service and includes a hardcoded authentication token, but the user-facing tools do not disclose that some queries may leave the local skill boundary. In this context the transmitted data appears limited and low sensitivity, which reduces severity, but the undisclosed external dependency and embedded secret still create privacy, trust, and credential-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
