goplaces-togo

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed saved-places recommender that stores personal place and visit history locally and uses Google Places lookups to make recommendations.

Install only if you are comfortable storing saved places, personal notes, preferences, and visit history in a local JSON file and sending place lookups through your configured goplaces/Google Places setup. Verify the goplaces binary on PATH, use a restricted Google Places API key, and manually delete or edit the JSON file if you want to fully remove retained history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill persistently stores sensitive behavioral data including saved places and visit history without an explicit privacy notice or affirmative consent flow. Location history and personal notes are sensitive data, and users may not realize they are being retained across sessions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instruction to immediately write imported Google Takeout data to disk before further processing creates privacy risk because highly personal location preferences are stored automatically without a clear user-facing warning at the moment of collection. If the device or workspace is shared or compromised, this data can be exposed without the user's informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill sends user-derived place names and preferences to the external `goplaces` tooling/API without explicitly warning the user that their saved-place data will be transmitted to a third party. Even if necessary for functionality, this is a privacy-sensitive disclosure because saved places can reveal routines, interests, and frequent locations.

Ssd 3

Medium
Confidence: 93%
Finding
The skill is designed to collect, retain, and later reuse a detailed profile of the user's saved places, notes, visit history, and preferences with minimal minimization controls. This creates a durable behavioral dossier that can expose sensitive patterns about where the user goes and what they like over time.

Ssd 3

Medium
Confidence: 88%
Finding
Echoing back previously stored saved places and notes by default can reveal sensitive personal information to anyone viewing the screen or conversation, especially in shared environments. The risk is amplified because saved places and comments may contain intimate preferences, routines, or travel history.

Ssd 3

Medium
Confidence: 95%
Finding
Persisting the parsed saved places list immediately 'so it is never lost' prioritizes retention over privacy and stores sensitive imported data before the user has meaningfully reviewed or confirmed it. This increases exposure if the session was exploratory, mistaken, or performed on an insecure machine.

Ssd 3

Medium
Confidence: 94%
Finding
The broad capture rules instruct the agent to continuously infer intent from casual statements and persist retrospective visits and feedback into long-term history. This creates a meaningful privacy and consent risk because users may not expect ordinary conversation to update a durable behavioral record.

VirusTotal

53/53 vendors flagged this skill as clean.
