ClawHub
Back to skill

Security audit

Romania

Security checks across malware telemetry and agentic risk

Overview

This Romania travel-planning skill is a local, documentation-only helper that stores optional trip preferences under a dedicated local folder and does not show evidence of hidden network, credential, or destructive behavior.

Before installing, be comfortable with the skill keeping Romania trip notes locally in ~/romania/memory.md. If you do not want ongoing memory or automatic help on Romania-related mentions, tell the agent to keep the status as never_ask or to answer one-off questions without saving memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill directs the agent to decide and persist future auto-activation behavior 'within the first couple of exchanges' using broad criteria like 'whenever Romania comes up' or 'trip types where it should always help.' That creates an overly broad trigger scope and can cause the skill to activate outside the user's clear, current intent, increasing the chance of unwanted personalization, irrelevant intervention, and unexpected use of stored preferences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to save integration preferences to a persistent local memory file without telling the user that this data will be stored and reused later. Even though the storage path is constrained to the local Romania folder, the saved data can include behavioral preferences and trip-planning constraints, creating a transparency and privacy risk because the user is not given notice or a chance to consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.