Back to skill

Security audit

Housing Scout — Smart House(Sale or Lease) Search & Alerts

Security checks across malware telemetry and agentic risk

Overview

This is a coherent housing-search and alert skill, but users should understand that searches, listing URLs, coordinates, and alert routing metadata can be stored locally or sent to third-party services.

Install only if you are comfortable with housing searches making external network requests and saving local state. Use public real-estate URLs only, do not pass private links, verify alert recipients before subscribing, keep bot tokens outside the skill files, and periodically delete old profiles, subscriptions, snapshots, and caches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The profile creation flow persists notification routing data (`notify.channel` and `notify.to`) to `profiles.json` on disk by default, including a placeholder or real chat identifier, without any disclosure, consent prompt, minimization, or protection controls. In an agent/tooling environment, these identifiers are sensitive operational metadata and can be exposed through local file access, backups, logs, or other skills that read workspace files.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Subscription creation writes notification routing information (`channel` and `to`) into `subscriptions.json` with no warning or confidentiality safeguards. This creates persistent storage of potentially sensitive destination identifiers that may be harvested by anyone with access to the workspace, and the subscription feature increases exposure because it is intended for ongoing automated use.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code prints `NOTIFY_PAYLOAD` to stdout containing the full destination identifier and message body for each subscription event. Stdout is commonly collected by orchestrators, CI systems, agent transcripts, and centralized logging, so this behavior can leak both recipient metadata and detailed housing-search activity well beyond the intended recipient.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The provider sends Redfin URLs to the Jina mirror service, which causes user-requested housing searches and listing detail URLs to be transmitted to an unrelated third party. Because listing URLs and associated query targets can reveal user interests and approximate intended locations, this creates an undisclosed privacy leak in a housing-focused skill where location sensitivity materially increases risk.

External Transmission

Medium
Category
Data Exfiltration
Content
async function fetchNoiseContext(lat, lng, radiusM = 1800) {
  const query = `[out:json][timeout:20];(way(around:${radiusM},${lat},${lng})[railway];way(around:${radiusM},${lat},${lng})[highway~"motorway|trunk|primary|secondary"];);out body;>;out skel qt;`;
  const res = await fetch("https://overpass-api.de/api/interpreter", {
    method: "POST",
    headers: { "content-type": "application/x-www-form-urlencoded" },
    body: `data=${encodeURIComponent(query)}`,
Confidence
94% confidence
Finding
fetch("https://overpass-api.de/api/interpreter", { method: "POST"

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.