Venice

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Venice travel guide, but its trip-memory template includes an inappropriate password-like field that could lead users to save secrets in agent memory.

Review before installing if you plan to use the memory template. Do not store passwords, tokens, booking-account credentials, one-time codes, or sensitive personal details in the skill's memory file; use it only for ordinary trip notes such as dates, preferences, itinerary items, and non-secret reminders.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The content explicitly promotes a multi-stop wine crawl, including morning drinking and 5-6 drinks over a few hours, without any safety context such as drinking responsibly, knowing limits, or avoiding impaired travel. In a travel guide, this can normalize excessive alcohol consumption and increase risk of accidents, dehydration, or unsafe decision-making, especially for tourists unfamiliar with local conditions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The template explicitly includes a field labeled 'Preview password preview,' which encourages users or downstream agents to record password-like secrets in persistent memory. Storing credentials in a general travel note template is unnecessary for the skill’s purpose and increases the risk of accidental disclosure through logs, prompts, exports, or later agent access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal