ClawHub

Japan Business Operations (EDITION)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Japan business API skill, but it needs Review because its remote persistent memory can store personal or business notes without clear privacy, deletion, or access-control boundaries.

Review before installing. Basic Japan information lookups are purpose-aligned, but avoid submitting confidential business plans, visa or passport details, client notes, employee information, itineraries, or contact preferences unless you are comfortable sending them to EDITION's remote service. Do not use the memory endpoints for sensitive data until the publisher documents consent, retention, deletion, isolation, and access controls; verify the npm MCP package separately before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages storing person-related notes in a remote persistent memory service, including potentially sensitive relationship and preference data, but provides no privacy notice, retention limits, consent guidance, or data handling constraints. In an agent context, this can lead to silent collection and long-term external storage of personal data, creating privacy, compliance, and data minimization risks.

External Transmission

Medium
Category
Data Exfiltration
Content
Search all 10 knowledge domains simultaneously with a single query.

```bash
curl -X POST https://api.edition.sh/api/v1/search \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "opening a restaurant in Osaka"}'
Confidence
90% confidence
Finding
curl -X POST https://api.edition.sh/api/v1/search \ -H "Authorization: Bearer edition_dev_key_for_testing" \ -H "Content-Type: application/json" \ -d '{"query": "opening a restaurant in Osaka"}'

External Transmission

Medium
Category
Data Exfiltration
Content
Search all 10 knowledge domains simultaneously with a single query.

```bash
curl -X POST https://api.edition.sh/api/v1/search \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "opening a restaurant in Osaka"}'
Confidence
90% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
### 2. Regulation Check

```bash
curl -X POST https://api.edition.sh/api/v1/regulation/check \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"action": "open a restaurant in Tokyo", "entity_type": "foreign_company"}'
Confidence
88% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
### 3. Business Protocol

```bash
curl -X POST https://api.edition.sh/api/v1/protocol/check \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "business card exchange"}'
Confidence
85% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
### 4. Foreign Market Entry

```bash
curl -X POST https://api.edition.sh/api/v1/foreign-entry/check \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "how to get a management visa"}'
Confidence
89% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
### 5. Calendar Intelligence

```bash
curl -X POST https://api.edition.sh/api/v1/calendar/check \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "best time to start a business in Japan"}'
Confidence
82% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
### 6. Travel & Entertainment

```bash
curl -X POST https://api.edition.sh/api/v1/travel/search \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "ryokan etiquette"}'
Confidence
78% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Store
curl -X POST https://api.edition.sh/api/v1/memory/episodes \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"content": "Met with Tanaka-bucho. He prefers informal meetings.", "auto_extract": true}'
Confidence
97% confidence
Finding
https://api.edition.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"content": "Met with Tanaka-bucho. He prefers informal meetings.", "auto_extract": true}'

# Recall
curl -X POST https://api.edition.sh/api/v1/memory/episodes/search \
  -H "Authorization: Bearer edition_dev_key_for_testing" \
  -H "Content-Type: application/json" \
  -d '{"query": "what does Tanaka prefer"}'
Confidence
93% confidence
Finding
https://api.edition.sh/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal