北京住宅全信息助手 (房价/学区/交通)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Beijing housing and school-zone lookup helper that sends user-entered community or address details to real-estate, search, and education websites for that purpose.

Install only if you are comfortable sending the searched community or address to Beike, search providers, and Beijing education/government websites. Do not give the agent login credentials or QR-login access; complete any required authentication yourself. Verify school-zone results with the current district education authority before making housing or enrollment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The script automatically submits user-supplied community/address information to third-party government websites via Selenium without any explicit privacy notice, consent gate, or data-minimization step. Even though the target appears to be an official education site, addresses and residential community names can be sensitive personal information, and automatic transmission increases privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal