Voipms Sms

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: send and retrieve VoIP.ms SMS messages, with normal credential and privacy risks for that purpose.

Install only if you intend to let an agent use your VoIP.ms account for SMS. Use a dedicated SMS-only VoIP.ms API sub-account, avoid main admin credentials, verify the destination and message before sending, and treat retrieved SMS output as private data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documentation instructs users to provide VoIP.ms API credentials via environment variables and to run scripts that access the network, but the skill does not declare corresponding permissions. This creates a transparency and governance problem: the skill can access sensitive secrets and external services without an explicit permission contract, making review, sandboxing, and user consent harder.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The manifest clearly exposes functionality to send and retrieve SMS through a third-party telephony API, but it does not warn users that message content and metadata will leave the local environment and be transmitted to an external service. This is dangerous because users may unknowingly process sensitive communications through an external provider, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The manifest requires API credentials via environment variables but provides no warning or guidance on secure handling of those secrets. This increases the risk of accidental exposure through logs, debugging output, shell history, misconfigured environments, or reuse of overly privileged credentials.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: This script retrieves SMS content and prints the full API response directly to stdout, which can expose sensitive message bodies, phone numbers, and metadata to terminal history, logs, calling agents, or downstream tooling. In an agent skill context, automatic capture of stdout makes this more dangerous because secrets and personal data may be persisted or forwarded without the user's awareness.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script places API username, API password, destination number, and SMS message body into the URL query string. Even over HTTPS, query strings are more likely to be exposed through proxy logs, browser/history equivalents, monitoring tools, exception traces, or upstream server logging, which unnecessarily increases disclosure risk for credentials and message contents.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal