home-insurance-advisor

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language home insurance advice skill with no executable code or hidden data sharing, though users should avoid giving unnecessary personal details.

Safe to install for general home insurance planning. Share only what is needed, such as city or region, approximate home age/type, and broad asset categories. Avoid exact addresses, identity documents, policy numbers, or detailed valuables inventories unless you intentionally want to provide them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger conditions are extremely broad and include vague everyday phrases like wanting to protect a home or worrying about leaks, fire, or theft. This can cause the skill to activate in conversations where the user did not intend to seek insurance guidance, leading to unnecessary collection of personal or property details and potentially steering the conversation away from the user’s actual goal.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill is written to operate in Chinese without any language negotiation or user-consent mechanism. If activated for users who are not expecting Chinese, it can degrade comprehension, cause mistaken answers during structured risk collection, and result in incorrect insurance guidance based on misunderstood inputs.

VirusTotal

No VirusTotal findings

View on VirusTotal