Back to skill

Security audit

Rental Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised rental bookkeeping work, but it can change Google Drive files and Google Sheets records through the user's configured Google account.

Install only if the listed rental properties, Google Sheet IDs, and Drive folder IDs are yours or expected. Make sure `gog` is authenticated to the intended Google account, and confirm the property, receipt file, filename, and target sheet row before allowing it to upload, rename, move, or link financial records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Update G column (7th column) with the link
                update_range = f"{tab_name}!G{target_row_number}"
                cmd_update_sheet = ["gog", "sheets", "update", sheet_id, update_range, file_link, "--json", "--input=USER_ENTERED"]
                subprocess.run(cmd_update_sheet, capture_output=True, text=True, check=True)
                return {"success": True, "file_link": file_link, "message": f"File {final_name} processed and linked in Excel."}
            else:
                return {"success": False, "error": f"Index {excel_index} not found in Excel tab {tab_name}."}
Confidence
85% confidence
Finding
subprocess.run(cmd_update_sheet, capture_output=True, text=True, check=True)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest uses broad trigger phrases such as 'record expense', 'upload receipt', 'T776', and property names, which can cause the skill to activate in loosely related conversations. Because the skill performs bookkeeping actions and may upload files or update spreadsheets, overbroad activation increases the risk of unintended data handling or side-effectful operations without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs receipt upload to Google Drive and spreadsheet modification but does not present a user-facing warning that files will be transferred to external storage and records changed. In a financial/bookkeeping context, this can expose sensitive personal or tax information and lead to accidental persistence or misfiling of documents if the user did not clearly understand the action.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This function performs irreversible state-changing actions—moving files, renaming them, and updating spreadsheets—based on user-supplied parameters, yet contains no in-code authorization, confirmation, or anti-misdirection checks. In an agent setting, that increases the chance of accidental or prompt-induced tampering with financial records and receipt organization.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.