Funda Listings Gateway

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Funda listings gateway with manageable risks from its localhost server and optional preview-image saving.

Install only if you are comfortable running a local Python HTTP gateway. Keep it bound to 127.0.0.1, do not proxy or expose it publicly, stop it when done, and clean the previews directory if you use save=1 heavily.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The gateway exposes functionality to persist downloaded preview images to local disk, which goes beyond a read-only HTTP proxy/search role described in the skill metadata. Although the path is constrained to remain under the skill root, this still creates a local write primitive that can consume disk space, leave residual data, and surprise users or higher-level agents that expect only transient responses.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The `save` and `dir` parameters expose a local file-writing capability to any caller of the local HTTP service. Even with directory traversal protections, granting write access from a network-reachable endpoint increases the attack surface and can be abused for disk-filling, persistence of unwanted content, or dropping files in locations other local tooling may trust within the skill directory.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal