Security audit

Estimator Pro

Security checks across malware telemetry and agentic risk

Overview

This is a construction-estimating helper with visible local install scripts and no evidence of hidden data access, exfiltration, or unsafe automation.

Install only if you want a Russian-market construction estimating assistant and are comfortable entering project, contractor, pricing, and company details into your agent. Review the installer before running it, fix or confirm the missing .env.example packaging issue, and independently verify regional coefficients, current нормативы, and legal document requirements before relying on outputs for contracts, tenders, or payment documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill content is clearly centered on US construction estimating frameworks such as CSI MasterFormat, RSMeans, and US city cost indices, which conflicts with the manifest positioning for the Russian market. In a construction-estimating context, this can mislead users into producing materially incorrect estimates, procurement assumptions, and contractual documents for the wrong jurisdiction and pricing basis.

Intent-Code Divergence

Critical

Confidence: 99% confidence
Finding: The documentation explicitly states that Russia is not covered and that Russian pricing rules are unsupported, directly contradicting the manifest's Russian-market purpose. This is especially dangerous because users may trust the manifest and deploy the skill for Russian estimates, leading to invalid cost bases, noncompliant documentation, and potentially severe financial or legal consequences.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: The file describes a generic construction-cost skill with open pricing databases, optional RSMeans data, and BIM item matching, while the manifest claims Russia-specific estimating capabilities such as KS-2/KS-3, defect inspection, material calculation, and estimate audit that the file explicitly says are not available. This is a dangerous capability misrepresentation: users may rely on the skill for regulated or business-critical Russian estimating workflows and receive incomplete, noncompliant, or misleading outputs.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README defines very generic trigger words such as common domain terms and short phrases (for example, words equivalent to 'estimate', 'materials', 'works', 'compare', and document names). In a skill-based agent system, overly broad triggers can cause unintended activation during ordinary conversation, increasing the chance of misrouting user requests, bypassing user intent boundaries, or invoking the skill in contexts where sensitive business calculations or document-generation behavior were not explicitly requested.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: Trigger phrases such as 'Estimate this project' and 'Review my estimate' are broad enough to match ordinary user requests outside the intended narrow scope. In agent environments, overly generic triggers can cause unintended invocation of the wrong skill, which is more risky here because the skill applies a US-centric methodology that may silently override the user's actual locale and standards.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill fixes a US-centric estimating basis without offering user choice, locale detection, or opt-in, despite being surfaced in a Russian-market context. This increases the chance that users receive advice and outputs grounded in the wrong standards and cost indices, creating inaccurate or noncompliant work products.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.