ClawHub

威斯汀酒店查询与预订

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Westin hotel search skill that sends hotel query details to a disclosed proxy service and returns booking links without making reservations.

Install only if you are comfortable sending hotel search details such as destination, dates, keywords, and hotel names to the skill publisher's proxy service and onward to travel APIs. Avoid using it for unusually sensitive travel plans unless you trust that proxy; it appears read-only and does not directly book rooms or store local data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly describes sending user-supplied hotel queries to an agent service and third-party travel platform APIs, which is network-capable behavior, yet no corresponding permission declaration is present. This creates a transparency and policy-enforcement gap: users and the platform may not be properly informed that their inputs are transmitted externally, increasing the risk of unintended data exposure and weakening review controls.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user-supplied hotel search and detail parameters to a third-party proxy service over the network, but the code provides no disclosure, consent flow, or indication to the caller that their destination, dates, hotel names, and related queries are being forwarded externally. In a travel-booking context this can expose itinerary and location data to an operator outside the expected platform boundary, creating privacy and data-governance risk even though the transport uses HTTPS.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The proxy access token is hardcoded in source and automatically sent in every request header. If the code is shared, logged, or extracted from the deployed package, the credential can be reused by unauthorized parties to abuse the proxy, consume quota, impersonate this skill, or access associated backend data/services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal