Sheraton Hotel Search and Booking (喜来登酒店查询与预订)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide Sheraton hotel search help, but it can trigger too broadly and sends travel search details to an external proxy without clear user notice.

Review this skill before installing. It should be acceptable only if you are comfortable with Sheraton-related search terms, destinations, dates, and hotel identifiers being sent to the skill's external proxy service. Avoid using it for sensitive travel plans unless the publisher clearly documents the third-party service, data handling, and activation limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The trigger condition '当用户提到喜来登/Sheraton时' ("when the user mentions Sheraton") is broad enough to activate on incidental mentions rather than clear booking intent. That can cause unintended tool use, external queries, and irrelevant retrieval of hotel pricing or links when the user may only be asking a general question, comparing brands, or discussing unrelated context.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The code sends user-supplied search inputs and hotel identifiers to an external proxy service, but the skill gives no user-facing notice that destination names, dates, keywords, and hotel queries are being transmitted off-platform. In a travel-booking context this can expose itinerary and location preferences to a third party, increasing privacy and data-handling risk, especially because the proxy is a custom endpoint rather than a clearly recognizable first-party API.

VirusTotal

65/65 vendors flagged this skill as clean.