Marktplaats
Security checks across malware telemetry and agentic risk
Overview
The skill mostly does what it claims, but its listing-detail feature can fetch any HTTP(S) URL instead of only Marktplaats pages.
Review this before installing if your agent can access private networks, localhost services, or cloud metadata endpoints. It is best used only with Marktplaats-generated listing URLs or /v/ paths; avoid letting untrusted page text or prompts supply arbitrary --details URLs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.