Macau

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Macau travel and relocation guide that optionally keeps local planning notes, with no hidden network, credential, or destructive behavior found.

Install this only if you want Macau-specific planning help and are comfortable with optional local memory under ~/macau/. Review or delete ~/macau/memory.md if you do not want durable notes, and avoid storing passport numbers, account credentials, detailed medical information, or other highly sensitive personal data there.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The auto-activation guidance covers several broad, common travel and relocation terms without defining exclusion criteria or requiring stronger relevance checks. This can cause the skill to activate in loosely related conversations, increasing the chance of unintended instruction injection, privacy-impacting memory use, or user confusion about why the skill engaged.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to create and maintain persistent local memory files and to reuse prior personal context, but it does not require a clear user-facing disclosure of storage behavior, retention, or consent before reading and updating that data. This creates a privacy and data-governance risk because sensitive travel, visa, school, work, and mobility details may be stored locally without transparent notice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal