Tuniu Travel Assistant (途牛旅行助手)

Security checks across malware telemetry and agentic risk

Overview

This travel assistant is mostly coherent, but it can send personal booking details to a hard-coded cloud proxy and perform bookings or cancellations that may affect money or orders.

Install only if you trust the publisher and the cloud proxy handling your travel searches and booking details. Before any booking or cancellation, require the agent to show the exact trip, traveler/contact details, price or fee impact, and order ID, then wait for explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill exposes multiple network-backed tools and explicitly routes requests through a cloud proxy, but the manifest does not declare corresponding permissions or provide clear security controls for that connectivity. This weakens transparency and reviewability, making it easier for hidden data flows or unintended external transmission of travel and booking data to occur.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
These tools invoke real booking and cancellation operations against a remote service with no built-in confirmation, dry-run mode, or explicit user-consent check. In an agent setting, that creates a material risk of unintended purchases, cancellations, or financial/account-impacting actions if the tool is triggered by mistake, prompt injection, or ambiguous user input.

Missing User Warnings

High
Confidence
98% confidence
Finding
The shared _post helper sends all supplied parameters, including traveler identities, contact phone numbers, and booking details, to a hard-coded remote proxy endpoint using a static token. This centralizes sensitive data transfer through infrastructure outside the local skill and provides no disclosure, minimization, or verification of how that third-party proxy stores, logs, or further forwards personal and transactional data.

VirusTotal

64/64 vendors flagged this skill as clean.