ClawHub

智能景点推荐

Security checks across malware telemetry and agentic risk

Overview

This travel skill sends user-entered destination, address, and route queries through disclosed cloud proxies to provide POI, ticket, weather, and transportation results, with no evidence of local persistence or unrelated behavior.

Install only if you are comfortable sending travel searches, addresses, coordinates, and route details to the skill publisher's cloud proxy for Fliggy and Gaode lookups. Avoid highly sensitive locations or private itinerary details unless you trust the proxy operator's no-storage claim.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user-provided travel queries and location data to third-party proxy endpoints, but the code provides no disclosure, consent flow, or minimization before transmitting potentially sensitive location and itinerary information. In this context, the proxies are not the official upstream providers but intermediary SCF services, which increases privacy and data-handling risk because users may not realize their inputs are leaving the platform and passing through additional infrastructure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
A hardcoded proxy token is embedded directly in the source, making the credential recoverable by anyone with code access and potentially by downstream users if the skill is distributed publicly. If reused in production, an attacker could abuse the proxy services, consume quota, impersonate the skill, or access data routed through those endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal