Star Hotel Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed hotel-search integration with no executable code or local access, though users should avoid sending personal details in hotel queries.

Use this skill only when you want hotel search or hotel pricing help. Do not include names, phone numbers, emails, IDs, payment details, loyalty numbers, travel documents, or other private information in prompts that may be sent to the hotel service, and verify country, currency, dates, and language settings before relying on results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Low
Confidence: 95%
Finding
The skill explicitly requires removing personal identification information from originQuery, but the worked example preserves the full user request instead of demonstrating compliant sanitization. In practice, examples strongly steer agent behavior, so this inconsistency can cause the tool to forward unnecessary personal data to downstream systems, creating avoidable privacy and data-minimization risk.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger conditions are broad and can activate on generic travel or accommodation discussions without sufficiently clear boundaries. That can cause the agent to invoke the hotel-search tool unnecessarily, sending user content to the tool when the user may only be asking for general advice or comparisons, increasing unintended data disclosure and incorrect actions.

Natural-Language Policy Violations

Medium
Confidence: 72%
Finding
Defaulting the language environment to zh_CN without user choice can cause the tool to process or return content in an unexpected locale, which may mis-handle user preferences or regional assumptions. While not a severe security flaw by itself, it can contribute to privacy and correctness issues if user context is inferred without consent.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger scenarios are phrased in broad, assistant-internal terms such as 'when you need to' and 'you want to enhance search results,' which can cause the agent to invoke the tool too eagerly rather than only in response to explicit user need. In this hotel-search context, that primarily creates unnecessary tool calls, increased cost/latency, and a higher chance of irrelevant behavior rather than direct security compromise.

VirusTotal

66/66 vendors flagged this skill as clean.
