Boston

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Boston guide with some advice users should verify, but no executable or hidden agent behavior.

Safe to install from an agent-security perspective. Use it as a static local guide, and independently verify medical, legal, immigration, alcohol, housing, transit, price, and safety details before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (10)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The statement that many places offer bottomless mimosas or bloody marys appears inconsistent with Massachusetts alcohol law and could mislead users into expecting or seeking promotions that are likely unlawful or unavailable. In a practical travel/local-guidance skill, inaccurate alcohol-law advice is more dangerous because users may rely on it for real-world decisions and could face refusal of service, wasted reservations, or encourage attempts to obtain prohibited drink specials.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: An absolute claim about bottomless alcoholic drinks in Boston is likely legally inaccurate and conflicts with the file's own earlier guidance that Massachusetts bans drink specials. Because this skill presents practical city-navigation advice, users may treat the content as authoritative, making misinformation about alcohol rules materially risky even though it is not directly malicious.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This section gives condition-based triage guidance such as when to use urgent care, the ER, or call 911, but it does not clearly state that the content is general informational guidance and not a substitute for professional medical advice. In a city-guide skill, users may rely on this simplified advice during urgent situations, which could delay appropriate care or create unsafe self-triage decisions.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The South End/JP sections describe who lives in the area using protected characteristics such as LGBTQ status and Latin American identity in a neighborhood-selection context. In a housing-oriented guide, this can facilitate demographic steering by encouraging users to choose neighborhoods based on protected-class makeup rather than neutral attributes like transit, price, or amenities.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: This section continues to characterize neighborhood fit using protected traits, including LGBTQ and Latin American community references, in content that helps users decide where to live. Even if informational, this can be used to steer housing choices along protected-class lines, which is risky in housing-related guidance.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: The Roxbury section centers racial and ethnic composition—'Historically Black,' 'predominantly Black and Latin,' and related resident categories—as a primary framing for living there. In a neighborhood guide that includes cost and suitability, this creates clear demographic-steering risk and could support discriminatory housing recommendations.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The Dorchester section defines the neighborhood through multiple ethnic communities and ties those descriptors to sub-neighborhood selection. In a housing discovery context, this can enable users or downstream systems to sort neighborhoods by protected demographics, which is a classic steering concern.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The Mattapan section identifies the neighborhood largely by racial and ethnic composition and then links that framing to affordability and residential suitability. In housing-oriented guidance, this is sensitive because it can directly influence where users are steered based on protected-class characteristics.

Natural-Language Policy Violations

Low

Confidence: 86% confidence
Finding: The South Boston section references Irish-American identity as a defining residential trait in a guide about where to live. This is less severe than repeated broader demographic profiling elsewhere, but it still introduces protected-class framing into housing-related neighborhood advice and can contribute to steering concerns.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill explicitly normalizes jaywalking with phrases like 'Everyone does it' and advises users to 'follow local traffic rhythm,' which encourages unlawful and unsafe street-crossing behavior. In a visitor guidance context, this can lead travelers unfamiliar with Boston traffic patterns to take risks that increase the chance of injury or citation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal