offerhopper.ai

Security checks across malware telemetry and agentic risk

Overview

This plugin is a straightforward grocery-deal and route-optimization wrapper, but it sends your shopping list and location to OfferHopper's remote service when used.

Install only if you are comfortable sending shopping lists, ZIP codes or addresses, travel mode, and optional destination details to OfferHopper's remote service for deal and route calculation. Prefer ZIP code or coarse location when enough, and avoid entering sensitive household or schedule details unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The tool transmits user-provided shopping lists and precise location data to a third-party remote service at mcp.offerhopper.ai, but this file contains no explicit disclosure, consent handling, or minimization before sending that data. Because location and shopping habits can reveal sensitive personal information, undisclosed external transmission creates a real privacy and data-governance risk even if the functionality is intended.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal