ClawHub

Denmark

Security checks across malware telemetry and agentic risk

Overview

This is a Denmark travel-planning skill that stores trip details locally, with no evidence of hidden execution, credential access, network use, or destructive behavior.

Install this if you want reusable Denmark planning. Be aware it may create ~/denmark/memory.md and retain trip dates, budget, traveler mix, mobility notes, and route preferences locally; review or delete that file if you do not want those details kept.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The file lacks concrete trigger constraints and negative examples, which increases the chance of inappropriate invocation by an agent orchestrator. When a skill provides legal/compliance-adjacent travel guidance, accidental activation can mislead users into relying on partial customs advice outside the intended scope.

Vague Triggers

Low
Confidence
79% confidence
Finding
The file lacks concrete trigger constraints and negative examples, which increases the chance of inappropriate invocation by an agent orchestrator. When a skill provides legal/compliance-adjacent travel guidance, accidental activation can mislead users into relying on partial customs advice outside the intended scope.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to create and persist user-related travel data in a home-directory memory file, but provides no user-facing notice or consent step for local storage. This creates a privacy and transparency issue because users may unknowingly have personal trip details retained across sessions on disk, increasing the risk of unintended disclosure to other local users, tools, or later prompts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read and reuse persisted memory from ~/denmark/memory.md for returning users without telling the user that prior conversation details will be loaded from disk. This is dangerous because it removes user awareness and control over cross-session data reuse, potentially exposing stale or sensitive travel information and enabling privacy surprises or unauthorized local access patterns.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal