Local Festivals

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable local festival guide skill with disclosed event-logistics advice and no evidence of privileged access or hidden behavior.

Reasonable to install as a local festival and cultural-event guide. Treat real-time queue, ticketing, opening-hour, parking, navigation, and community-review details as planning suggestions that should be verified against current official or trusted local sources before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 85% confidence
Finding: The skill’s documented capabilities drift from cultural-information support into nearby venue discovery, rankings, parking, ticketing, and commerce-style guidance. This mismatch can mislead the orchestrator or users about what the skill is allowed to do, increasing the chance of inappropriate data use, over-broad tool routing, or deceptive behavior beyond the declared scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal