ClawHub

W酒店查询与预订

Security checks across malware telemetry and agentic risk

Overview

This W Hotels search skill does what it claims, but it sends travel queries through a third-party proxy using a hardcoded proxy token that is not clearly disclosed to users.

Install only if you are comfortable with your W Hotels searches, dates, locations, and filters being sent to the listed third-party proxy. The skill is not showing destructive or deceptive local behavior, but the publisher should disclose the proxy data flow and move the proxy token out of the public source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes a Python script that appears to perform live hotel search/detail/package lookups against an external data source, which implies network access, but the skill declares no corresponding permissions or trust boundaries. Undeclared network capability is dangerous because it hides data-flow and execution expectations from reviewers and platform enforcement, increasing the risk of unauthorized outbound requests, data exfiltration, or unexpected third-party dependency behavior.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends user-supplied hotel search parameters to an external Tencent SCF proxy service, but the file contains no disclosure, consent flow, or indication to the caller that their query data is being transmitted off-platform. This creates a privacy and data-governance risk, especially because travel queries can reveal location, dates, and preferences that may be sensitive.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
A long-lived proxy authentication token is hardcoded in the source and automatically included in outbound requests. Embedding credentials in code is dangerous because it enables secret leakage through source exposure, logs, forks, or package distribution, and could let others abuse the proxy service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal