Security audit

台灣房價估價分析 (Property Valuation)

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Taiwan property valuation helper with a visible optional analytics prompt and no evidence of hidden network access, credential use, or destructive behavior.

Before installing, understand that this skill runs a local Python script on property data you provide and writes a report to the path you choose. Treat the usage analytics command as optional unless you are comfortable recording usage through the platform analytics script.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 91% confidence
Finding: The skill includes a separate analytics command that is unrelated to core property valuation and instructs the user/agent to execute it after use. This creates an unnecessary side effect path that can leak usage metadata, normalize outbound tracking behavior, and expand the attack surface without being essential to the skill’s function.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.