House

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a prompt-only home advice guide with no code or data access, but users should be cautious with its DIY repair and tenant-screening advice.

Install only if you want general homeownership and renting guidance. Do not rely on it as a substitute for licensed contractors, legal advice, or compliant tenant-screening processes, and avoid storing sensitive applicant data in plain text or unsecured channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The DIY repair section gives step-by-step home repair guidance involving tools, fixtures, and potentially unsafe materials without clear safety boundaries, PPE guidance, or escalation criteria for non-professionals. In a consumer home-maintenance skill, users may attempt repairs beyond their competence, increasing risk of injury, property damage, or worsening hidden plumbing or fixture issues.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs landlords to collect full legal names and Social Security numbers from applicants but provides no guidance on minimizing, securing, or lawfully handling this highly sensitive data. In this context, readers may store SSNs in insecure forms, email, or paper files, increasing the risk of identity theft, privacy violations, and legal exposure if the data is lost or breached.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal