Austin

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Austin guide with narrow, disclosed local memory behavior, though users should verify legal, housing, and safety advice before relying on it.

Install only if you are comfortable with an Austin guide keeping a small local memory of your Austin-related preferences. Verify business, tax, immigration, housing, school, and safety details with official sources or qualified professionals, and do not rely on any advice that suggests riding or driving after drinking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 96%
Finding
This skill gives detailed business-formation, tax, employment, and legal guidance as if it were generally reliable, but it does not warn users that rules, thresholds, and regulatory requirements may change and vary by business type. Users could rely on outdated or oversimplified statements—such as tax thresholds, workers' compensation requirements, licensing, or enforceability of non-competes—and make legally or financially harmful decisions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The template explicitly creates a persistent local memory file and directs the agent to store conversation-derived context such as role, timeline, budget, neighborhoods, and preferences, but it provides no notice, consent flow, retention limit, or sensitivity guidance. In a location/advisory skill, this can accumulate personal profiling data across sessions and surprise users who do not expect durable storage of their behavior and preferences.

Natural-Language Policy Violations

Medium
Confidence: 91%
Finding
The content recommends and discourages neighborhoods using attributes like 'best schools,' 'diverse community,' and specific areas to avoid, without framing these as user-driven criteria or adding caution about housing-law and bias concerns. In a relocation skill, this can amount to demographic or school-based steering, which is sensitive and can normalize discriminatory decision-making by users or downstream agents.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The family-oriented sections explicitly steer users with children toward or away from neighborhoods based primarily on school quality, including statements like 'schools first' and 'Avoid: ... Deep East Austin (schools).' In housing guidance, especially for relocators, this creates a meaningful risk of discriminatory steering or facilitating decisions that proxy for protected characteristics.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to modify the user's MEMORY.md on first use, which is a persistent user-data write, yet it does not require explicit informed consent tied to the write operation itself or describe the scope and consequences of the modification. Because this happens as part of normal skill operation and targets a cross-session memory file, it can create unauthorized persistence, unexpected behavior in future conversations, and user-data integrity issues.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The skill explicitly lists scooter use for 'Bar hopping (one drink max),' which normalizes operating a scooter in connection with alcohol consumption. Even with the qualifier, this can encourage impaired riding, creating a meaningful risk of injury to the user and others, and potential legal consequences depending on local law and enforcement.

VirusTotal

64/64 vendors flagged this skill as clean.
