Back to skill

Security audit

Luma Events

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Luma event listings and keeps a disclosed local cache for follow-up event planning.

Install this if you are comfortable with the agent fetching public data from lu.ma and keeping a local event cache. Review or delete ~/clawd/memory/luma-events.json if you do not want past event searches, cities, or possible plans retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly relies on outbound network access to fetch live event data, but no corresponding permission is declared. This creates a transparency and governance gap: users or the host system may believe the skill is limited to local formatting while it actually contacts external services.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest frames the skill as a simple event-fetching utility, but the documentation adds persistent storage, data merging, and future-reference behavior. That mismatch is risky because it expands the skill's effective scope beyond what operators and users would reasonably expect.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instructions to track user interests and build context about upcoming plans introduce profiling behavior unrelated to the narrow task of listing public city events. Even if not overtly malicious, this collects and infers user-preference data without clear necessity, consent, or minimization.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README states that fetched events are automatically persisted to `~/clawd/memory/luma-events.json` but does not warn users that their queries and derived event interest history may be stored locally. Even though the data is public event data, persistence can expose user preferences, locations of interest, and activity history to other local users, backups, or later processes without the user's awareness.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill mandates saving fetched events and related user-interest context to a persistent local memory file, but provides no privacy notice, consent mechanism, retention enforcement details, or deletion guidance. In context, this is more dangerous because the data can reveal a user's likely interests, locations, and plans over time, turning a simple fetch tool into a silent behavioral log.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad generic terms like "events," "meetups," and "conferences," which can cause the skill to activate for many unrelated user requests. In an agent environment, unintended invocation can route queries to the wrong skill, causing unnecessary external data access, misleading responses, or expanding the attack surface through over-selection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.