Tmp.HIr8hBnFpZ

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This Redfin skill is purpose-aligned and disclosed, but it can read account-linked Redfin saved homes/searches through a signed-in browser session when those tools are used.

Install only if you are comfortable letting an MCP workflow use your signed-in Redfin browser session to read saved homes and saved searches. Review the external npm package and fetchproxy extension source before installing, and use saved-data tools only when you intend to share that account-linked activity with your agent.

SkillSpector (1)

By NVIDIA

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest advertises activation for essentially any Redfin-related request, including requests about a user's saved homes and searches. Overly broad triggers can cause the skill to auto-engage in contexts the user did not intend, increasing the chance of unnecessary access to signed-in browser data and oversharing of sensitive personal real-estate activity.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal