ClawHub

Ibiza

Security checks across malware telemetry and agentic risk

Overview

This is an informational Ibiza travel guide with no executable code, requested permissions, credential handling, or persistence.

Reasonable to install as a travel reference. Before acting on it, verify current visa, tax, transport, healthcare, rental, and venue details from official or direct sources; protect identity and financial documents during rentals; and treat nightlife, water, cliff, driving, and boating recommendations as requiring current local safety checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The guidance suggests using the language spoken by other customers ('Spanish being spoken by most customers') as a proxy for authenticity. Even in a travel/food context, this can encourage users to make judgments based on linguistic or national-origin cues rather than objective indicators, which can reinforce exclusionary or discriminatory behavior. The skill context makes the issue somewhat less severe than in hiring or housing, but it is still an unnecessary sensitive preference signal.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The guide advises users to provide passports, bank statements, payslips, and NIE information during the rental process but does not warn about minimizing data sharing, verifying landlord or agency legitimacy, or protecting copies of identity and financial documents. In Ibiza's high-pressure rental market, scammers commonly exploit urgency, so this omission could increase the risk of identity theft, fraud, or unnecessary exposure of sensitive personal data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The content promotes or normalizes hazardous tourist activities such as cliff jumping and wading to an offshore island with only minimal cautionary language. In a travel guidance skill, users may treat these recommendations as trustworthy advice, which increases the risk of injury from unsafe sea conditions, hidden rocks, currents, tides, or restricted-access areas.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The itinerary strongly promotes late-night clubbing, pool parties, and alcohol-adjacent nightlife without pairing those recommendations with basic safety guidance such as sober transport planning, drink safety, hydration, rest, or local emergency precautions. In a travel-planning skill, users may reasonably rely on the itinerary as operational guidance, so omission of foreseeable risk warnings can contribute to unsafe decisions, especially around intoxication, driving, and late-night movement.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal