Home Reno Estimator

Security checks across malware telemetry and agentic risk

Overview

The core estimator appears local and non-destructive, but the package also ships under-disclosed marketing, payment, sharing, and unrelated business-guidance material.

Install only if you want a renovation estimator plus bundled business/marketing collateral, not just a calculator. Do not post exact addresses, contact details, budgets, contractor documents, or report screenshots publicly, and treat any payment, sharing, referral, or off-platform messaging instructions as optional and requiring explicit user consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (26)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

def run_cmd(args):
    """Run the estimate command."""
    # All arguments are joined into one shell string and executed with
    # shell=True (the line flagged below): any argument containing shell
    # metacharacters is interpreted by the shell rather than passed verbatim.
    cmd = f"python3 estimate.py {' '.join(str(a) for a in args)}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result

def test_case(args, expected_keys=None):
Confidence
99% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file documents a social-media funnel and paid-report upsell flow that extends beyond the stated purpose of a renovation cost estimator. This is dangerous because the skill may be used to drive off-platform engagement, solicit payments, and operationalize lead generation without that behavior being disclosed in the skill metadata, creating scope creep and user trust/compliance risks.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The launch checklist includes Xiaohongshu account setup, branding, content publishing, and audience-conversion tasks that are unrelated to estimating renovation costs. This is risky because it shows the skill package contains hidden operational behavior and growth workflows not reflected in the advertised functionality, which can mislead reviewers and enable misuse of the skill as a marketing asset rather than a utility tool.

Description-Behavior Mismatch

Low
Confidence
90% confidence
Finding
Payment setup and KPI/revenue tracking are outside the stated estimator function and indicate a monetization workflow embedded in the skill materials. While not directly exploitative code, this broadens the operational scope and can facilitate undisclosed commercial collection behavior, increasing policy, trust, and misuse risk.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The document describes a cron-driven process that continuously updates the project and includes marketing, monetization, account setup, and growth tasks that are outside the stated scope of a renovation cost estimation skill. This scope expansion increases the chance that the skill or its associated workflow performs autonomous actions users did not request, creating operational and trust risks even if there is no explicit malicious payload.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file materially diverges from the declared skill purpose of renovation cost estimation and instead provides a social-media marketing playbook. This kind of scope drift is dangerous because it silently grants the agent unrelated persuasive/growth behavior, increasing the chance of misuse, hidden capability expansion, and user deception about what the skill is actually for.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The content introduces concrete social-media growth operations, batch content production, posting strategy, and AI-assisted promotional workflows that are unrelated to estimating renovation costs. If exposed through the agent, these instructions could be invoked for marketing automation or manipulative content generation beyond the user-expected tool boundary.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file is materially outside the stated scope of a home renovation cost estimator and instead contains a full growth, monetization, and referral playbook. This scope drift is dangerous because it can repurpose the skill into a user-acquisition and conversion channel, increasing the chance of deceptive behavior, hidden business logic, or misuse of user interactions unrelated to estimation.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The content includes referral incentives, social sharing prompts, paid conversion tactics, and private-channel retention mechanisms that are not justified by a renovation estimator's functional purpose. In context, this is more dangerous because the skill is presented as a utility tool, so embedded acquisition and monetization workflows can manipulate users, encourage unauthorized data propagation, or blur the boundary between estimation and covert marketing operations.

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The page claims '不收集个人信息' ('no personal information is collected') while simultaneously encouraging users to post area, city, and renovation tier in comments. Even if these fields are not highly sensitive on their own, this is still user-supplied data collection in a public channel, and the privacy representation is misleading. In this context, the mismatch is more dangerous because the call to action normalizes oversharing in comments while the trust section reassures users that no personal information is collected.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file is materially unrelated to the declared skill purpose of home renovation cost estimation and instead contains broad marketplace and monetization strategy content. In an agent skill, such scope drift is dangerous because it can contaminate prompts, retrieval, or tool behavior with off-topic business advice, causing the agent to act outside its intended domain and potentially mishandle user requests.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The document expands into unrelated domains including e-commerce, content generation, education, healthcare, and platform sales strategy, none of which are justified for a renovation estimator. This broadens the effective capability surface of the skill and increases the chance that an agent will generate unsafe, irrelevant, or policy-sensitive outputs based on retrieved reference material.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file is materially unrelated to the declared skill purpose of home-renovation cost estimation and instead contains marketplace revenue and monetization strategy content. This creates a scope-integrity problem: an agent using this reference may surface irrelevant business guidance, contaminate outputs, or be influenced by embedded strategic instructions that do not belong in the tool's domain.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The included sections provide monetization, platform distribution, and multi-channel marketing strategy unrelated to renovation estimation. In an agent setting, such off-domain guidance can steer the model toward promotional or operator-focused actions, increasing the risk of unintended behavior, prompt contamination, and responses that do not match user intent.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The reference file is materially unrelated to the declared skill purpose of home renovation cost estimation and instead injects government subsidy, AI startup, and commercialization guidance. This kind of scope drift can cause the agent to produce off-purpose recommendations, mislead users, and expand into advisory domains with legal/financial implications that were not intended or disclosed.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The file goes beyond accidental irrelevance and explicitly introduces a new capability: startup subsidy consulting and AI business strategy recommendations. In the context of a renovation cost estimation skill, this increases the risk that users receive unauthorized business/policy guidance, and that the agent can be steered into higher-risk advisory outputs unsupported by the product's stated function.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This reference file is materially misaligned with the declared skill purpose of renovation cost estimation: it contains social-media marketing copy, click-optimized titles, lead-generation scripts, and traffic-conversion guidance instead of estimator logic or neutral reference material. In an agent skill, this can steer outputs toward promotional behavior, covert advertising, or off-task persuasion, causing the agent to manipulate users rather than fulfill the stated estimation function.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The file explicitly includes audience acquisition and off-platform conversion tactics such as directing users to comments, private messages, and external tool links. In a skill context, this is dangerous because it encourages the agent to solicit engagement or redirect users off-platform, which can enable spammy behavior, policy violations, data harvesting, or unapproved commercial funneling unrelated to the user's request for a renovation estimate.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This file is materially unrelated to the declared skill purpose of home-renovation cost estimation and instead contains marketplace monetization advice. In a skill package, irrelevant business-oriented content can indicate supply-chain contamination, prompt-scope drift, or hidden instructions that bias agent behavior away from the user task, reducing trust and increasing the chance of unintended actions or deceptive outputs.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The reference file is materially unrelated to the declared purpose of a home-renovation cost estimator, introducing AI startup subsidy and business-incubation content into a domain-specific skill. This creates prompt-context contamination risk: the model may surface irrelevant entrepreneurial guidance, confuse user intent, or be steered into unintended advisory behavior outside the skill’s scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This section goes beyond passive irrelevant content and actively instructs users on AI startup subsidy applications, commercialization, platform listing, and business expansion. In a renovation estimator skill, such prescriptive off-domain guidance increases the chance of unauthorized task pivoting, misleading outputs, and misuse of the skill as a business-consulting agent rather than a cost estimator.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This test helper introduces shell execution capability that exceeds the legitimate needs of a home-renovation estimator test script. Expanding capability beyond business need increases attack surface, and here it directly enables command injection via composed shell strings.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example trigger phrase is broad natural language that could match ordinary budgeting or renovation discussions and cause the skill to activate outside the user's clear intent. In an agent ecosystem, overly broad invocation increases the chance of unintended tool use, which can confuse users, inject irrelevant outputs into conversations, or route sensitive context into the skill without necessity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill incentivizes users to post screenshots, share results, and publish project-related content in exchange for rewards, but it does not warn about disclosure of location, budget, home size, renovation preferences, or other potentially sensitive household information. In a home-renovation context, these details can reveal personal circumstances and property characteristics, making oversharing more risky than in a generic social-content tool.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The post explicitly asks users to share area, city, and renovation tier in public comments and offers private-message link sharing without any privacy notice, retention policy, or warning against oversharing. While these fields are not highly sensitive on their own, they can reveal home-related profiling data and, when combined with account identity and follow-up messages, increase privacy, targeting, or social-engineering risk.

VirusTotal

66/66 vendors flagged this skill as clean.