Indonesia

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Indonesia travel-planning skill that stores optional local trip notes, with no evidence of executable code, network access, credential access, or destructive behavior.

Install if you want ongoing Indonesia trip-planning help and are comfortable with local Markdown notes under ~/indonesia/. For one-off questions, tell the agent not to create memory; review or delete ~/indonesia/memory.md when you no longer want trip details retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The template includes an open-ended integration rule placeholder ('other rule') for activation behavior, which can lead to unclear or overly broad triggering of the skill. In an agent system, ambiguous activation criteria may cause unintended invocation on unrelated topics, increasing the chance of inappropriate memory use, incorrect travel guidance, or accidental processing of user context outside the intended Indonesia scope.

Vague Triggers

Medium
Confidence: 89%
Finding
The activation scope is broad enough to trigger on generic travel topics such as Southeast Asia routing, boats, volcanoes, or island hopping, which can cause the skill to engage when the user did not specifically request Indonesia guidance. In a memory-capable skill, unintended invocation increases the chance of irrelevant steering or downstream collection of travel preferences without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs creation and updating of local trip memory under ~/indonesia/ but does not require a clear, user-facing notice and consent flow before storing planning details. Because the saved data may include travel dates, destinations, mobility limits, budget, and visa assumptions, silent local persistence creates a privacy and transparency risk even if storage is only local.

VirusTotal

66/66 vendors flagged this skill as clean.
