Security audit
Construction Quote & Job Costing
Security checks across malware telemetry and agentic risk
Overview
The skill itself is a normal construction estimating guide, but its metadata advertises unrelated purchase and crypto capabilities that users should review before granting.
Install only if you are comfortable with the advertised capabilities. The content looks like a construction quote generator, but do not grant purchase, payment, or crypto authority unless the publisher explains why those permissions are required. Treat generated quotes as estimates and verify prices, regulations, tax/VAT, and contract terms before using them with clients.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
