Back to skill

Security audit

Henteplan Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward waste-collection lookup helper, with privacy considerations around address-based lookups and optional reminders.

Install only if you are comfortable sending address or location lookup details to henteplan.no. Use the reminder examples only if you want recurring automated checks, and ask the agent not to remember provider/locationId if you prefer one-time lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill expands from simple schedule lookup into persistent reminder automation by documenting cron and heartbeat job creation. That increases capability and risk because it can cause recurring autonomous actions and ongoing access to user-specific data without an explicit consent, scoping, or safety model for background execution.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill instructs the agent to remember provider and location identifiers for future use, but does not tell the user that these identifiers may be persisted across sessions. Even though the data is not highly sensitive by itself, it is still location-linked household metadata and hidden persistence can violate user expectations and privacy boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.