Brazil

Security checks across malware telemetry and agentic risk

Overview

This Brazil travel skill stores trip notes locally, but the behavior is disclosed, scoped to travel planning, and shows no hidden network, credential, or destructive activity.

Install if you are comfortable with a local ~/brazil/memory.md file remembering trip details. Avoid storing passport numbers, full financial details, or unnecessary medical/accessibility specifics, and review or delete that file when you no longer want the trip context retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to create and maintain a persistent file in the user's home directory containing sensitive travel context such as passport/nationality, budget, mobility, and other personal constraints, but it does not require explicit user consent or provide a retention notice. Persistent storage of personal data without clear notice and opt-in increases privacy risk, can surprise users, and may expose sensitive information to other tools or future sessions.

VirusTotal

52/52 vendors flagged this skill as clean.
