Security audit

Property Management Agent

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it automates sensitive tenant workflows and external ticket creation with unclear limits and a malformed spending cap.

Review before installing. Verify the correct skill identifier, pin or inspect the ThumbGate package before running the `npx` command, set an explicit currency spending cap, require human approval for emergencies and repair spend, and grant only narrow, auditable access to tenant databases and CRM/spreadsheet integrations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The setup guide instructs users to load `property-management-agent` while the actual manifested skill is `property-management-ticketing-agent`. This kind of identifier mismatch can cause operators to install or invoke the wrong skill, potentially loading an unintended package with different permissions, behavior, or security posture. In an autonomous property-management context, that confusion could misroute tenant data or maintenance workflows into an unreviewed agent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises direct synchronization into Buildium, AppFolio, or Google Sheets, which implies transmitting tenant-provided data and potentially creating operational records in third-party systems. Without explicit disclosure of these side effects, user consent expectations are weak and the agent could unintentionally submit sensitive maintenance details or create unwanted tickets based on ambiguous input.

Vague Triggers

Medium
Confidence: 77%
Finding
The sales copy describes broad autonomous tenant triage and escalation behavior without clearly constraining when the skill should activate or what exact inputs, channels, and conditions are in scope. In a property-management context, overly broad invocation can cause the agent to engage on ambiguous tenant messages, misclassify urgency, and trigger inappropriate escalation or operational actions, especially given the claim of 24/7 autonomous handling.

Vague Triggers

Medium
Confidence: 98%
Finding
The spending-limit rule is malformed because the threshold is written as '00', making the policy ambiguous and likely to be misinterpreted or bypassed. In a property-management ticketing agent that can authorize repairs and triage emergencies, an unclear cap can lead to unauthorized high-cost work approvals or inconsistent blocking behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.