Real Estate Investing

Security checks across malware telemetry and agentic risk

Overview

This real-estate investing skill is coherent and disclosed, with scoped local note storage and no evidence of external access, credential use, or automatic transactions.

Install this only if you want the assistant to keep real-estate investing context locally across sessions. Review ~/real-estate-investing/ periodically, and avoid saving lender logins, tax IDs, account numbers, full legal documents, or exact addresses unless you deliberately choose to store them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The setup instructions direct the agent to create persistent local files for investment-related memory and pipeline tracking, but they do not require a clear user-facing disclosure and consent flow before persistence occurs. Even though the file lists some categories that should not be stored, investment notes can still contain sensitive financial, behavioral, and location data, so silent or poorly disclosed storage increases privacy and data-retention risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal