ClawHub

Travel Assistant-CN

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only Chinese travel-planning skill, but it broadly asks for sensitive health and intimate personal details without clear consent or minimization.

Review before installing. Use it only if you are comfortable with a travel assistant asking health-related questions, and share only details that are necessary for the specific trip. Verify medical, medication, airline, and destination-entry requirements with qualified professionals or official sources before relying on the advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger description is broad and open-ended, which can cause the skill to activate for loosely related travel queries and collect more user data than necessary. In a skill that asks for personal and health details, overbroad activation increases the chance of unintended invocation, privacy over-collection, and unsafe reliance on the skill outside its intended scope.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs collection of sensitive personal and health data, including medication use, treatment status, allergies, menstruation, and other special-condition information, without any privacy notice, minimization guidance, or consent flow. This creates a substantial risk of unnecessary sensitive data exposure, regulatory noncompliance, and harm if the information is retained, logged, or mishandled.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This file provides condition-specific medical and travel recommendations for high altitude exposure, cardiovascular disease, pregnancy, diabetes, asthma, children, older adults, allergies, motion sickness, and postoperative travel, but it does not clearly warn users that the content is only general reference information and not medical advice. In a travel-planning skill, users may rely on this guidance to make real health decisions without consulting a clinician, which can lead to unsafe travel, delayed care, medication errors, or worsening of serious conditions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal