Vacation Property Management

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only TIDY API helper whose credential use and property/reservation management actions match its stated purpose, though delete commands should be used carefully.

Install only if you trust the TIDY API account you will connect. Use a limited or test account where possible, protect TIDY_API_TOKEN as a long-lived secret, and require explicit confirmation before running delete or natural-language requests that modify properties or reservations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents a direct DELETE operation for addresses without any warning about irreversible deletion, dependency checks, or a confirmation step. In a property-management context, deleting a property record can disrupt reservations, cleaning workflows, and operational metadata, increasing the chance of accidental destructive actions by an agent or user.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The reservation deletion example exposes a destructive API action with no caution about data loss, guest impact, or cleaning/turnover side effects. In this skill's context, accidental deletion could cause missed stays, scheduling errors, or broken downstream automation tied to reservations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal