Homestruk Deal Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward rental-property calculator skill; it may save reports locally and use lookups, but those behaviors fit its purpose.

Safe to install as a deal-analysis helper. Before using it, consider whether you want property addresses, purchase terms, and financing assumptions saved locally, and be aware that searches for rent, taxes, or rates may disclose property or city details to external lookup services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs writing output to a fixed filesystem path without explicit user consent or disclosure in the manifest. This can cause unintended local file writes, overwrite existing analyst data, and normalize silent persistence behavior that could become more dangerous if adapted to more sensitive paths or combined with symlink/path-manipulation conditions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal