Paraguay

Security checks across malware telemetry and agentic risk

Overview

This is a Paraguay travel-planning skill with narrow local memory storage and no evidence of hidden, networked, destructive, or privileged behavior.

Before installing, be aware that the skill may create ~/paraguay/memory.md and store travel preferences, constraints, and trip history there. Review or delete that file if you do not want those notes retained locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The setup instructs the agent to persist user travel preferences and trip context in `~/paraguay/memory.md` without any explicit notice, consent, retention policy, or guidance on protecting that data. Even though the data is not highly sensitive by default, persistent storage in a home-directory file can expose personal behavioral information to other local users, backups, or later workflows that access the same file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal