Security audit

Home Renovation Planner

Security checks across malware telemetry and agentic risk

Overview

This renovation-planning skill provides relevant guidance, but its paid unlock flow sends users to an off-platform payment process and runs a local activation script that writes a file in the user’s home directory.

Review this skill carefully before installing. The renovation guidance itself appears coherent, but the Pro unlock asks users to pay through an external QR code, share payment proof with a seller, and run a local script that records activation state in the home directory. Install only if you trust the publisher and are comfortable with that off-platform payment and local persistence model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill directs the agent to execute a local script using user-supplied input and then create a persistent file in the user's home directory, even though those actions are unrelated to providing renovation-planning assistance. This expands the skill from informational guidance into local code execution and persistence, creating risk of command execution abuse, environment probing, and unauthorized state changes on the host.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill mandates displaying an external payment QR code and directing users into an off-platform payment flow that is not necessary for the renovation-planning function. This can facilitate phishing, payment diversion, or social engineering because the agent becomes a payment collection conduit without any trustworthy verification or consumer protections.

Missing User Warnings

Medium
Confidence: 91%
Finding
The workflow instructs users to send payment screenshots to a seller but provides no warning about the privacy and fraud risks of sharing transaction evidence. Screenshots can expose personal identifiers, transaction metadata, and can be abused in scams or impersonation-based support interactions.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill specifies creation of a persistent activation marker in the user's home directory without informing the user beforehand. Even if the file is small, undisclosed persistence is a trust and privacy issue because it modifies the local environment and stores licensing state outside the user's awareness.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.