ClawHub

Mumbai

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Mumbai guide; its main risks are stale or overly broad advice, not hidden system access or malicious behavior.

Reasonable to install from an agentic-security perspective. Use it as a practical Mumbai reference, but verify emergency numbers, visa rules, legal restrictions, healthcare decisions, prices, and business requirements with official or current local sources before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rule is very broad: 'User asks about Mumbai for any purpose' can cause the skill to trigger on many ordinary mentions of Mumbai, even when the user did not ask for city-navigation guidance. Over-broad activation can lead to irrelevant instruction injection into unrelated conversations, reducing agent reliability and potentially overriding more appropriate skills.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The emergency section gives actionable medical guidance and emergency numbers without clearly stating that it is general informational content and not a substitute for professional medical advice or authoritative local instructions. In a healthcare guide, users may rely on this text during urgent situations, and outdated, incomplete, or context-mismatched advice can delay appropriate care or lead to harmful decisions.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The guide encourages use of public WiFi in cafes, malls, airports, and hotels but omits basic security caveats. Users may connect to insecure or spoofed networks, exposing traffic, credentials, or personal data, especially in a travel/local-services context where people are likely to rely on unfamiliar networks.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The entry 'Lokhandwala | Apartments, social | ₹35K-65K | Auto/Uber | Families, Gujaratis' assigns neighborhood suitability using an ethnicity/nationality-adjacent grouping without user opt-in or a clear functional justification. This can steer users based on protected or sensitive characteristics, reinforce stereotypes, and produce discriminatory recommendations in a housing-related context, which makes the issue more serious than a casual demographic observation.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The guide provides emergency numbers, embassy contacts, and legal restrictions as if they are stable facts, but these can change over time or vary by jurisdiction and circumstance. In a safety-focused skill, stale emergency or legal guidance can cause users to rely on incorrect information during urgent situations, increasing real-world harm.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal