酒店管家

Security checks across malware telemetry and agentic risk

Overview

This hotel-management skill is coherent, but it can change live booking prices and run ongoing order synchronization without enough built-in safeguards.

Review carefully before production use. Use test OTA/PMS accounts first, prefer environment variables or a secret manager, avoid storing real keys in local JSON, and add explicit approval, dry-run previews, audit logs, rollback steps, and a documented way to stop order sync before enabling live operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (92% confidence)
Finding
The skill explicitly supports direct browser-based price changes and other operational modifications, but the documentation does not require an explicit user confirmation step before executing those actions. In a hotel-management context, unintended or manipulated price/inventory changes can immediately affect revenue, availability, and bookings across OTA platforms, making this operationally dangerous.

Missing User Warnings

Medium (89% confidence)
Finding
The document instructs users to enable a continuously running order-sync process to an internal PMS and notes that it polls every 5 minutes, but it does not clearly warn that this causes ongoing network transmission and operational effects. In a hotel-management context, this can lead to unintended exposure of booking data, duplicate integrations, or accidental activation of a background service by operators who do not understand the data-flow implications.

Missing User Warnings

Low (80% confidence)
Finding
The example tells users to place a correct API key into a configuration file without any guidance on secret handling. That can normalize insecure practices such as storing credentials in plaintext files, committing them to source control, or sharing screenshots/logs that expose OTA access tokens.

VirusTotal

66/66 vendors flagged this skill as clean.
