Back to skill

Security audit

Property Advisor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate property search and publishing assistant, but it stores housing/profile data locally and can pass addresses or listing contact details to map and listing services.

Install only if you are comfortable with a property workflow that uses local memory, calls upstream listing skills, and sends address/location data to public map services for enrichment. Use --no-memory or a temporary --memory-dir for sensitive searches, skip map enrichment when location privacy matters, and avoid publishing flows until you have reviewed the generated listing/contact details and understand any upstream OK/Gumtree account/session use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation text is extremely broad and overlaps with many normal housing-related requests, making accidental auto-invocation more likely. In this skill, that matters because invocation can trigger real execution paths including network fetches, local memory reads/writes, shell-based CLI calls, and potentially listing publication orchestration.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default prompt defines a very broad trigger surface for 'housing requests' spanning search, comparison, commute, amenities, neighborhood risk, memory, watched listings, and publishing. In an agentic environment, such wide routing language can cause the skill to activate for loosely related user requests and take execution-layer actions or invoke upstream providers without sufficiently clear scope boundaries, increasing the chance of unintended data access, profile use, or external side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
`publish_property` serializes the full listing payload to a named temporary JSON file with `delete=False` and does not delete it afterward. Property listings can include addresses, contact details, descriptions, and other sensitive data, so leaving the file on disk can expose it to other local users, backups, or later unintended reuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code persists potentially sensitive user profile data and housing search history to predictable local files under the user's home directory without any consent, disclosure, retention controls, or access hardening. In this skill's context, the stored data can reveal location, destination, budget, bedroom needs, preferences, and watched listings, which increases privacy risk on shared machines, multi-user environments, or when local directories are backed up or synced.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code automatically extracts phone numbers and email addresses from free-form user text and includes them in downstream publishing payloads. In a property-listing workflow, this can expose personal contact data to external platforms or drafts without explicit confirmation, increasing the risk of unintended disclosure or publication of sensitive personal information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The map enrichment flow sends listing location, address/postcode, description, and potentially image-path-derived metadata to an external map client before publication, with no explicit consent gate shown in this file. Because real-estate listings often contain precise addresses and occupancy-related details, this creates a privacy and data-sharing risk, especially when users may only expect local drafting rather than third-party enrichment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code sends user-supplied addresses and destinations to third-party geocoding services and caches the derived results locally, which can expose sensitive housing-search data without clear consent or disclosure. In a property-search context, addresses, destinations, and commute targets can reveal personal interests, home locations, or workplace patterns to external providers.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The document is written entirely in Chinese and defines required behavior for the skill’s orchestration and fail-closed rules without any indication that the user requested Chinese output. In an agent setting, hard-coding a language in operational instructions can cause the model to ignore user language preferences, misunderstand downstream consumers, or misapply policy-critical constraints because operators and users may not be able to reliably review or verify them.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The instruction to surface `detail_degraded_reason` specifically in `缺失/未知` hard-codes a language/locale choice into user-facing output without checking the user's preferences or active locale. In an orchestrator that normalizes multi-source property data, this can cause confusing or misleading output, break downstream consumers expecting a different language, and reduce trust in the results, though it does not directly create code execution or data exfiltration risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.