ClawHub

Florida

Security checks across malware telemetry and agentic risk

Overview

This is a Florida guidance skill with optional local memory and no evidence of hidden execution, exfiltration, or unsafe behavior.

Safe to install for Florida planning. Choose a narrow activation preference if you only want the skill for relocation, travel, housing, storms, insurance, or local logistics, and avoid saving precise addresses, government IDs, account numbers, or payment details in local memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs creating and maintaining a persistent memory file containing user context such as location, family needs, budget pressure, health sensitivities, and insurance/storm concerns, but it does not require a clear user-facing consent flow or warning about ongoing storage. Even though it advises against storing full street addresses and sensitive identifiers by default, the template still promotes retention of potentially sensitive personal context across sessions, creating privacy and data-minimization risk.

Vague Triggers

High
Confidence
93% confidence
Finding
The activation rule 'whenever the user mentions Florida at all' is overly broad and can cause the skill to engage in conversations where Florida is only incidental, leading to unnecessary collection or retention of user context. In a system with memory or tool use, this increases the chance of inappropriate persistence, scope creep, and accidental influence over unrelated tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal