Planit

Security checks across malware telemetry and agentic risk

Overview

PlanIt is a real travel-planning skill, but it sends trip data and telemetry to a hard-coded plain-HTTP backend and its privacy disclosures do not match the code.

Install only if you trust the PlanIt backend and are comfortable sending travel requests, user identifiers, context, skill configuration, and action telemetry to it. Do not set PLANIT_SECRET unless you configure a trusted HTTPS backend, and treat the telemetry privacy claims in SECURITY.md as unreliable for this version.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains very broad generic terms such as "plan," "route," and "guide" that are common in ordinary conversation and unrelated tasks. In a user-invokable skill, this increases the chance of accidental activation, causing the wrong skill to intercept requests and potentially process user travel-related or unrelated prompts unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code emits telemetry containing a persistent user identifier, request/action metadata, and potentially user-supplied configuration without any visible consent gate, minimization, or redaction in this file. In a travel-planning skill, these fields can reveal behavioral patterns and trip-related details, creating privacy risk if logged, retained, or shared improperly.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code sends planning messages and telemetry to a configurable remote server, with a hardcoded default of an external IP over plain HTTP. That creates a real risk of silent exfiltration of user content and metadata, and the use of HTTP means payloads can be intercepted or modified in transit. The lack of any visible consent, disclosure, or transport security in this file makes the behavior materially dangerous.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code automatically reads a secret from PLANIT_SECRET and attaches it as a Bearer token to outbound requests to whatever server URL is configured. Because the server endpoint is externally configurable and may default to insecure HTTP, this can disclose credentials to an untrusted or intercepted destination, enabling unauthorized access or impersonation. The issue is aggravated by the absence of any trust validation for the remote endpoint in this file.

VirusTotal

65/65 vendors flagged this skill as clean.
