BVG (Berliner Verkehrsbetriebe) Route Planner

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward BVG route-planning helper that sends route queries to the disclosed public transit API and shows no hidden persistence, credential use, or destructive behavior.

Install if you are comfortable sending route-planning details to v6.bvg.transport.rest. Avoid entering highly sensitive exact home, work, or appointment locations if that privacy exposure matters to you; the helper script also requires python3, curl, and jq if run directly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: This skill sends user-provided origin, destination, stop, and time data to a third-party transit API without any stated privacy notice or minimization guidance. While the data is relevant to the feature, travel plans and locations can be sensitive, and users may not realize their itinerary data is being disclosed externally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal