Is eventbrite safe?

https://clawhub.ai/byungkyu/eventbrite

72
CAUTION

This Eventbrite skill is a documentation-only package with no executable code, git hooks, or malicious payloads. However, it routes all API traffic and OAuth credentials through a third-party gateway (gateway.maton.ai) rather than directly to Eventbrite, creating a persistent man-in-the-middle position where the gateway operator has full visibility into user credentials, PII, and financial data. The skill also cross-references another skill from the same author and normalizes inline code execution patterns.

Category Scores

Prompt Injection 70/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 75/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 50/100 · 5%

Findings (8)

HIGH All traffic proxied through third-party gateway -30

Every API call routes through gateway.maton.ai instead of directly to Eventbrite. The user's MATON_API_KEY is sent with every request, and OAuth tokens are managed server-side by Maton. This gives the gateway operator a persistent man-in-the-middle position with full visibility into all Eventbrite account activity, including PII (attendee emails, names), financial data (orders, ticket sales), and organizational data.

MEDIUM Cross-skill reference encourages chaining -15

The skill description explicitly references another skill by URL ('For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway)'), which could encourage agents to install additional unaudited skills and expand the attack surface.

MEDIUM Inline executable code patterns normalize shell execution -15

The skill contains 15+ Python heredoc code blocks (python <<'EOF') designed to be executed by the agent. While these are legitimate API examples, they establish a pattern where the agent routinely executes embedded code from the system prompt, which reduces the barrier for malicious code injection in modified skill versions.

MEDIUM OAuth credential management delegated to third party -10

Eventbrite OAuth tokens are created, stored, and managed by ctrl.maton.ai. Users never see or control their own OAuth tokens directly. The gateway can use these tokens independently of user requests.

LOW Installation runtime accesses sensitive dotfiles -25

The ClawHub runtime loader accessed .env, .aws/credentials, .profile, .bashrc, and openclaw configuration files during skill installation. While this is attributable to the runtime rather than the skill itself, it indicates the installation environment has broad filesystem access.

INFO No executable files in skill package 0

The skill contains only markdown documentation, JSON metadata, and a license file. No scripts, binaries, git hooks, submodules, or symlinks are present.

INFO Canary files unmodified 0

All honeypot files remained intact throughout the audit. No evidence of credential harvesting or file exfiltration.

MEDIUM PII and financial data exposure to gateway operator -50

When used as intended, this skill sends attendee personal information (names, emails), order/payment data, and organizational details through the Maton gateway. A compromised or malicious gateway could harvest this data at scale across all users of the skill.