ClawHub

voyager-travel-agent

Security checks across malware telemetry and agentic risk

Overview

This travel helper is purpose-aligned and disclosed, though users should know it sends travel search details to Alipay+ and may assume default hotel dates.

Install only if you are comfortable sharing travel search details such as cities, dates, and search terms with Alipay+ servers. Treat returned booking links as recommendations to review yourself, and confirm hotel dates because the skill may apply defaults when dates are missing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase 'when user asks about flights or tickets' is broad enough to activate on casual travel discussion, increasing the chance the skill runs without sufficient user intent or context. In a travel-booking skill, over-triggering can lead to unnecessary collection of trip details, premature tool calls, and confusing or privacy-impacting responses, even though the file does not itself exfiltrate data or override controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to apply check-in and check-out defaults silently, which can cause the agent to present or act on travel parameters the user never confirmed. In a booking or recommendation workflow, hidden assumptions about dates can mislead users, produce irrelevant results, or propagate into downstream booking steps with financial or operational consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits user-supplied travel query data, including itinerary and location details, to a remote third-party API with no disclosure, consent step, or visible trust boundary in the executable flow. In an agent skill context, this creates a privacy and data-handling risk because users or calling components may not realize their travel preferences and dates are being sent off-box to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal