Marktplaats.nl Publisher

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Marktplaats listing assistant that uses the user's Safari login session for form inspection, with no evidence of hidden exfiltration or unsafe install behavior.

Install this only if you want an agent to help manage Marktplaats ads using your active Safari login session. Keep Safari on the intended Marktplaats listing/place/edit page before running the probe, review any saved snapshots or local ad records, and require explicit approval for each publish, edit, or paid option.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: Browser-fetch mode performs same-origin authenticated requests from the active Safari session using XMLHttpRequest with credentials enabled, allowing the tool to retrieve account-scoped pages and extract form data from them. In this skill context, the script targets a live marketplace listing flow and normalizes sensitive fields from an authenticated seller session, so an operator may unknowingly pull private session-bound content and save or display it.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal