Mortgage Rate Lookup

Security checks across malware telemetry and agentic risk

Overview

This mortgage-rate scraper is mostly coherent, but it contains an undocumented local browser-control fallback that deserves manual review before installation.

Review before installing. The normal scraper behavior is understandable, but users should be comfortable with their ZIP code being sent to multiple lender sites and should not run or expose the CDP fallback unless it is removed or changed to require explicit opt-in with an isolated browser profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill performs network access and likely writes local history/config data, but the manifest does not declare any permissions or data-access expectations. This weakens user consent and platform enforcement, making it easier for the skill to exfiltrate user-provided ZIP codes to third-party lenders or write files unexpectedly without clear disclosure.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior does not match the detected behavior: connecting to a local CDP endpoint at 127.0.0.1:18800 introduces control over an existing browser session that may contain unrelated cookies, tokens, or sensitive pages. Hidden or underdocumented browser-control behavior is dangerous because it expands the trust boundary far beyond simple mortgage-rate scraping and could enable access to the local authenticated browsing context.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The skill description omits clear notice that it makes outbound requests to many third-party lenders and may transmit the configured ZIP code during those lookups. While expected for scraping, the lack of disclosure can mislead users about privacy exposure and informed consent, especially when querying multiple financial websites.

VirusTotal

67/67 vendors flagged this skill as clean.