Back to skill

Security audit

Willhaben

Security checks across malware telemetry and agentic risk

Overview

This skill is a Willhaben listing helper whose browser posting and local preference storage match its stated purpose, but users should supervise any live listing before publication.

Install this only if you want an agent to operate a signed-in Willhaben session. Before publishing, review the title, description, price, photos, location/contact details, shipping/package choices, and confirm no paid promotion is selected. Review or delete config/user-preferences.json if you do not want your local selling preferences retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is broad enough to trigger on generic selling-related conversations, which can cause the agent to invoke browser automation and marketplace-posting behavior in situations where the user did not explicitly ask to create a public Willhaben listing. In this context, overbroad activation is more dangerous because the skill can draft and publish real listings using a logged-in profile, creating privacy, reputational, and transactional risk from accidental invocation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to use a saved browser profile with an existing Willhaben login and then proceed to publish a live public marketplace listing, but it does not require an explicit warning or final consent acknowledging use of stored credentials and public posting. This is especially risky here because the automation performs irreversible external actions on a real account, potentially exposing personal data, creating fraudulent or unwanted listings, and causing financial or reputational harm.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructs the agent to persist personal preferences, including location data, to a local JSON file without any explicit notice, consent flow, retention policy, or protection guidance. In this skill context, storing city/district and selling preferences is not inherently malicious, but silent persistence of personal data increases privacy risk, especially on shared machines or insecure environments.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.