ClawHub
Back to skill

Security audit

Travel Festival Event Strategist

Security checks across malware telemetry and agentic risk

Overview

This is a descriptive travel-planning skill with no evidence of hidden access, persistence, network use, or high-impact actions.

This skill appears safe to install for festival and event travel planning. Users should still verify event dates, prices, safety advisories, cultural etiquette, and booking details with official or current sources because the skill explicitly does not use live data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger keywords are broad and repetitive (for example, generic terms like 'festival', 'event', 'strategy considerations', and 'travel logistics if applicable'), which can cause the skill to activate on ordinary travel requests outside its intended scope. Overbroad activation increases prompt-surface area, can route unrelated user queries into this skill unnecessarily, and may crowd out more appropriate skills or inject irrelevant guidance.

Vague Triggers

Low
Confidence
84% confidence
Finding
Example prompts such as 'Help me with festival and event travel strategist for my trip to Japan' are framed as generic assistant requests and do not sufficiently constrain the domain boundaries of the skill. This can encourage activation from loosely related travel prompts, leading to misrouting and over-collection of context for requests that may be better handled by narrower or more general travel skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.