Reg Limited

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate vehicle restriction lookup/reminder CLI, with the main privacy caveat that saved reminders include plate numbers in a local plaintext file.

Install only if you are comfortable with a local CLI fetching Beijing restriction data online and saving plate/reminder details in ~/.reg-limited/config.json. Consider protecting or deleting that file if plate numbers are sensitive, and do not rely on Feishu/Telegram-style notification claims unless a future version actually implements them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 83%
Finding
The tool persists vehicle plate numbers and reminder data in plaintext under the user's home directory without disclosure or access controls. While this is not remote code execution, it is a privacy/security issue because local sensitive data can be exposed to other local users, backups, or malware on the system.

VirusTotal

66/66 vendors flagged this skill as clean.
