Real Estate Debt Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed because it presents real-estate investment price comparisons as platform-derived while the code generates estimated, partly random prices.

Install only with Review-level caution. Treat the outputs as rough demo estimates, not verified market, auction, legal, or financial advice. Verify all prices and property records with authoritative sources before acting, and avoid sending sensitive debt portfolios to unknown parser or report services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares executable behavior, environment-variable use, file reads, and network-dependent operations, but exposes no explicit permission model or capability constraints. In an agent ecosystem, this weakens governance and user consent, making it easier for the skill to access local configuration, external services, or network resources without clear approval boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is market-price comparison, but the skill behavior as described extends into broad file/media ingestion, local config loading, environment-driven service integration, and apparent estimated or synthetic pricing rather than verified live transaction data. This mismatch is dangerous because users and orchestrators may trust the skill with financial decisions under false assumptions, while hidden behaviors increase the attack surface for data exfiltration, misuse of local resources, or deceptive output.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises comparative analysis using Anjuke and Alibaba auction data, but the implementation fabricates prices from hard-coded heuristics and random fluctuations. In an investment decision-support context, presenting synthetic values as if they were market-derived can materially mislead users into making bad financial decisions, so this is a real integrity and trust vulnerability.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The docstring claims the script calls web-search and report-generator skills, but the code does not actually perform those operations. This mismatch is dangerous because it can cause operators and users to overtrust the freshness, sourcing, and rigor of the analysis, especially when the rest of the code silently substitutes local estimates and a fake localhost report URL.
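The three disagreements reported above (docstring claims sub-skill calls the code never makes, prices built from heuristics plus random noise, and capabilities used without a permission declaration, per the MCP Least Privilege finding) are all visible in the source and can be caught with a static check. The following is an added example written for this page; it is neither SkillSpector's implementation nor the scanned skill's code. SKILL_SOURCE and MANIFEST are constructed samples modelled on the findings (the real skill source is not reproduced on this page), and the call_skill("name", ...) convention for invoking a sub-skill is an assumption.

```python
"""Static divergence check for an agent skill: docstring vs. code vs. manifest (added example)."""
import ast
import re

# Constructed sample skill modelled on the findings above; NOT the scanned skill's code.
SKILL_SOURCE = '''
"""Compare listing prices against auction prices for a property.

Uses the web-search skill for live Anjuke listings and the
report-generator skill to render the final report.
"""
import os
import random

CONFIG = open(os.path.expanduser("~/.realestate.json")).read()
API_KEY = os.environ.get("LISTING_API_KEY")

def estimate_price(district, sqm):
    base = {"haidian": 90000, "chaoyang": 75000}.get(district, 50000)
    return base * sqm * random.uniform(0.9, 1.1)   # "market" price is a heuristic plus noise

def report_url():
    return "http://localhost:8000/report/123"      # no report generator is ever called
'''

# Constructed manifest: the skill declares only file reads.
MANIFEST = {"permissions": ["file_read"]}

NET_MODULES = {"requests", "urllib", "httpx", "socket", "aiohttp", "http"}
SUBSKILL_CLAIM = re.compile(r"\b([a-z]+-[a-z]+) skill\b")
LOCALHOST_URL = re.compile(r"https?://(localhost|127\.0\.0\.1)")


def _call_name(node):
    """Dotted name of a call target, e.g. 'os.environ.get'; '' when it is dynamic."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def observed_capabilities(tree):
    """Capabilities the code actually exercises, read from the AST."""
    caps = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            if any(m.split(".")[0] in NET_MODULES for m in mods):
                caps.add("network")
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name.startswith("random."):
                caps.add("random")
            elif name == "open":
                caps.add("file_read")
            elif name in ("os.environ.get", "os.getenv"):
                caps.add("env")
            elif name.split(".")[0] in NET_MODULES:
                caps.add("network")
        elif (isinstance(node, ast.Subscript) and isinstance(node.value, ast.Attribute)
              and node.value.attr == "environ"):
            caps.add("env")                      # os.environ["X"]
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and LOCALHOST_URL.match(node.value)):
            caps.add("localhost_url")
    return caps


def claimed_subskills(tree):
    """Sub-skills the module docstring says are used (e.g. 'the web-search skill')."""
    return set(SUBSKILL_CLAIM.findall(ast.get_docstring(tree) or ""))


def invoked_subskills(tree):
    """Sub-skills actually invoked. Assumed convention: call_skill("name", ...)."""
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) == "call_skill" and node.args:
            first = node.args[0]
            if isinstance(first, ast.Constant) and isinstance(first.value, str):
                found.add(first.value)
    return found


def check_skill(source, manifest):
    """Return (code, detail) findings where docstring, code and manifest disagree."""
    tree = ast.parse(source)
    caps = observed_capabilities(tree)
    findings = []
    for skill in sorted(claimed_subskills(tree) - invoked_subskills(tree)):
        findings.append(("intent_code_divergence",
                         f"docstring claims the {skill} skill but the code never calls it"))
    if "random" in caps:
        findings.append(("description_behavior_mismatch",
                         "output depends on random values, so it cannot be platform data"))
    if "localhost_url" in caps:
        findings.append(("intent_code_divergence",
                         "hard-coded localhost URL stands in for a real service"))
    declared = set(manifest.get("permissions", []))
    for cap in sorted((caps & {"env", "file_read", "network"}) - declared):
        findings.append(("missing_permission_declaration",
                         f"code uses {cap} but the manifest does not declare it"))
    return findings


if __name__ == "__main__":
    for code, detail in check_skill(SKILL_SOURCE, MANIFEST):
        print(f"{code}: {detail}")
```

Run against the constructed sample this reports two undeclared sub-skill claims, the localhost report URL, the random price component, and an undeclared environment read. It is a heuristic: aliased imports (from os import environ), dynamically built names, and subprocess or exec paths are not resolved, so a clean result here is a reason to read the code, not a reason to skip it.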

Vague Triggers

Medium
Confidence
88% confidence
Finding
Overly broad context triggers can cause the skill to activate during ordinary real-estate discussions rather than only when debt-analysis behavior is intended. In multi-skill agent systems, unintended invocation can route unrelated user content into this skill's file/network-enabled workflow, increasing privacy risk and the chance of inappropriate analysis or external lookups.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Generic collaborative triggers like 'analyze this table/file/image/document' are too broad and can hijack workflows meant for other parsing or analysis skills. Because this skill advertises handling many input types and may read files or use external services, accidental activation can expose sensitive document contents or produce misleading financial analysis outside the intended domain.
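Both Vague Triggers findings come down to the same two questions an orchestrator can ask of a trigger list before loading a skill: does each phrase carry a term from the skill's own domain, and does it duplicate a phrase another installed skill already claims? The following is an added example written for this page, not SkillSpector's scoring logic and not the skill's manifest. SKILL_TRIGGERS and OTHER_SKILLS are constructed samples, and the DOMAIN_TERMS list is an assumption about what "debt analysis" vocabulary looks like.

```python
"""Trigger-breadth and trigger-collision audit for an agent skill (added example)."""
import re

# Constructed trigger list modelled on the findings above; NOT the skill's real manifest.
SKILL_TRIGGERS = [
    "analyze this table",
    "analyze this file",
    "compare listing and auction prices for this property",
    "estimate recovery on this distressed real estate loan",
    "real estate",
]

# Constructed registry of triggers claimed by other skills in the same agent.
OTHER_SKILLS = {
    "csv-parser": ["parse this table", "analyze this table"],
    "doc-summarizer": ["summarize this document", "analyze this file"],
}

# Assumed vocabulary that marks a request as debt analysis rather than generic real-estate chat.
DOMAIN_TERMS = {"debt", "loan", "mortgage", "auction", "foreclosure", "lien", "distressed",
                "recovery", "npl", "listing", "property"}
GENERIC_OBJECTS = {"table", "file", "image", "document", "data", "text", "audio"}
GENERIC_VERBS = {"analyze", "analyse", "parse", "read", "summarize", "summarise",
                 "process", "review", "check"}


def tokens(trigger):
    return re.findall(r"[a-z]+", trigger.lower())


def classify_trigger(trigger):
    """'specific' if it names the skill's domain; otherwise which kind of over-reach it is."""
    toks = set(tokens(trigger))
    if toks & DOMAIN_TERMS:
        return "specific"
    if toks & GENERIC_VERBS and toks & GENERIC_OBJECTS:
        return "shadow_command"   # verb + generic object: belongs to any parsing/analysis skill
    return "overly_broad"         # e.g. "real estate": fires on ordinary property discussion


def trigger_collisions(triggers, registry):
    """(trigger, other_skill) pairs where another skill claims the same phrase."""
    norm = lambda t: " ".join(tokens(t))
    hits = []
    for t in triggers:
        for other, phrases in registry.items():
            if norm(t) in {norm(p) for p in phrases}:
                hits.append((t, other))
    return hits


def audit_triggers(triggers, registry):
    """Classification of every trigger plus the collisions with other skills."""
    return {
        "classes": {t: classify_trigger(t) for t in triggers},
        "collisions": trigger_collisions(triggers, registry),
    }


if __name__ == "__main__":
    report = audit_triggers(SKILL_TRIGGERS, OTHER_SKILLS)
    for t, cls in report["classes"].items():
        print(f"{cls:15} {t}")
    for t, other in report["collisions"]:
        print(f"collision: '{t}' also claimed by {other}")
```

On the constructed sample the two "analyze this ..." phrases are flagged as shadow commands and also collide with the parser and summarizer skills, "real estate" is flagged as overly broad, and only the two phrases that mention auctions, listings or loans pass. A registry would reject or require human confirmation for anything not classed "specific".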

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill processes potentially sensitive property and debt-related data from files, images, audio, and multimodal inputs without any visible notice, consent flow, minimization, or retention guidance. In this context, the data may contain addresses, debt principals, and other private financial details, so silent ingestion increases privacy and compliance risk even if the code does not obviously transmit the data externally.

VirusTotal

62/62 vendors flagged this skill as clean.