Basic Plumbing Troubleshooting

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward DIY plumbing guidance skill, with disclosed local notes about shut-off locations and repair history but no evidence of hidden or abusive behavior.

Reasonable to install if you want DIY plumbing help. Be aware it may store local household plumbing notes such as shut-off locations and repair history; only provide details you are comfortable keeping in the agent's state, and treat the repair advice as general guidance rather than a substitute for licensed help in emergencies or regulated work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 89% confidence
Finding: The skill instructs the agent to persist household infrastructure details such as shut-off valve locations and repair history across sessions, which exceeds the minimum data needed to answer a one-time troubleshooting request. While not overtly malicious, storing home-layout and maintenance metadata can create unnecessary privacy exposure and could be misused for profiling or targeted social engineering if the state is accessed by unauthorized parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal