ClawHub
Back to skill

Security audit

Ctrip Compare

Security checks across malware telemetry and agentic risk

Overview

This travel-comparison skill mostly does what it claims, but it asks for broad control over the user's local browser that deserves review before installation.

Review before installing. Use it only with a separate temporary Chromium profile launched for Ctrip, not your everyday logged-in browser. Save browser work before approving any restart, avoid automatic process kills unless necessary, and close the debug browser when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill goes beyond travel-product comparison and instructs the agent to discover installed browsers, inspect localhost CDP endpoints, kill browser processes, and restart applications. Those are privileged local system-management actions unrelated to the core comparison task and can disrupt user activity or be abused to interfere with other sessions and applications.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest presents a benign travel-analysis workflow, but the documentation authorizes local process control on the user's machine. This is a scope mismatch that makes the skill more dangerous because users invoking a comparison tool would not reasonably expect it to terminate and relaunch browsers, creating a consent and trust boundary violation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill recommends forcibly killing all processes for a selected browser and restarting it, but it does not provide a strong, explicit warning that this may close unrelated windows, lose unsaved form data, interrupt downloads, or terminate authenticated sessions. Even with a confirmation example, the risk communication is inadequate for such destructive actions.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal