Divar Api

Security checks across malware telemetry and agentic risk

Overview

This documentation-only Divar API skill is not malicious, but it should be reviewed because it teaches authenticated access to seller phone numbers, account-state endpoints, and telemetry without enough privacy or credential-handling limits.

Install only if you want an agent to use Divar API and scraping reference material. Do not provide Divar cookies, JWTs, device IDs, or account session data unless you explicitly want authenticated requests for your own account. Avoid bulk collection, storage, or redisplay of seller phone numbers, and treat telemetry/account-state endpoints as out of scope unless you have a specific authorized reason to use them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill is scoped as a Divar search/query/data-extraction tool, but the documentation also exposes user-notification, unread chat/call history, premium seller data, and telemetry endpoints. This broadens the capability surface from search into account/state monitoring and behavioral tracking, increasing the risk that an agent could collect or act on user/account data beyond the user’s intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation explicitly instructs users to obtain and use authenticated session cookies and to access seller contact information, but it does not provide clear safeguards for handling credentials or personally identifiable information. In a skill intended to help users build search tools or scrapers against a classifieds platform, this omission can normalize insecure cookie reuse, session leakage, or improper collection and storage of phone numbers and other seller data.

Vague Triggers

High
Confidence: 95%
Finding
The trigger text is explicitly expansive: it says to always use this skill whenever Divar, divar.ir, or Iranian real-estate search is mentioned. Overly broad activation can route unrelated or only loosely related user requests into a scraping/API skill, increasing the chance of unnecessary external-data handling, unintended automation, and privacy-sensitive actions being suggested without clear user intent. In this context, the breadth is more concerning because the skill also covers scraping, post details, and contact-info retrieval.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill provides operational guidance for obtaining contact information and describes reusing authentication artifacts such as token cookies, device IDs, and Authorization headers, but it does not include guardrails around user consent, lawful access, credential handling, or privacy expectations. That makes it easier for an agent or user to move from benign listing search into authenticated access to phone numbers or other protected data using session credentials. In this skill's context, that is more dangerous because the endpoint is specifically for contact info, which is privacy-sensitive personal data.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation explicitly describes an authenticated endpoint that returns seller phone numbers, but it does not warn that this is sensitive personal data subject to privacy, consent, and handling restrictions. In a scraping/automation skill, omitting those constraints makes it easier for downstream agents or users to harvest contact details at scale or use them in ways that violate platform rules or privacy expectations.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill documents analytics, action logging, and error-reporting endpoints without warning that using related flows may transmit interaction, performance, or diagnostic data to third-party or ancillary logging services. In an automation context, this can surprise users, leak metadata about usage, and cause unintended data disclosure if agents replay or trigger these endpoints.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file documents an authenticated endpoint for retrieving seller contact details, including phone numbers, without any privacy or data-handling warning. In an agent context, this can normalize collection of personal contact information and encourage unnecessary exposure or storage of third-party PII.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation enumerates analytics and telemetry endpoints without warning that using them may transmit user interaction, device, or behavioral data to Divar or third parties such as Sentry. In a skill reference, this can lead an agent implementer to invoke non-essential tracking endpoints or overlook privacy implications of interaction logging.

Missing User Warnings

Medium
Confidence: 97%
Finding
The infrastructure notes describe session cookies and an Authorization header carrying the same JWT value, but provide no warning about credential sensitivity. In practice, this encourages handling or replay of bearer-equivalent secrets that could grant authenticated access to protected Divar resources if exposed in logs, prompts, or downstream tools.

VirusTotal

64/64 vendors flagged this skill as clean.
