
Security audit

Nyc 311 Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it automates NYC 311 reports, but users must handle the personal data and real submission step carefully.

Install and use this only if you intend to file NYC 311 reports. Run the dry run first, inspect the generated screenshot, use only accurate user-approved contact details, avoid storing real personal data in assets/config.json unless needed, and delete /tmp/311_*.png screenshots after the report is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly instructs users to store sensitive personal data such as name, phone number, email, and home/work addresses in a local JSON file, but provides no guidance on consent, retention, file permissions, encryption, or safe handling. This creates a real privacy and security risk because such data may be exposed to other local users, accidentally committed to source control, or left behind on disk without the user's awareness.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The documented `--submit` flow sends user-provided personal information to the NYC 311 portal, but the skill does not clearly warn that this action performs a real external submission of PII. Users may unintentionally disclose their contact details and complaint information to a third party, especially because the example places the actual submission immediately after the dry-run example with minimal risk disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The code can submit a live NYC 311 complaint with reporter name, email, and phone when `--submit` is used, but it does not present any explicit consent, disclosure, or confirmation step immediately before transmission. In this skill context, the automation is specifically designed to act on behalf of a user against a real government portal, so silently transmitting contact data increases privacy and unauthorized-action risk if the tool is misused or triggered with unintended inputs.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The script captures screenshots of the filled form after inserting reporter PII, which can expose name, email, phone, address, and complaint contents to local storage, logs, support artifacts, or other processes that can read `/tmp`. Because this skill is an end-to-end browser automation workflow for filing real complaints, the screenshots are likely to contain sensitive user-provided data and therefore materially expand the privacy exposure beyond the intended transmission to NYC 311.

VirusTotal

65/65 vendors flagged this skill as clean.
