Vapi Skill
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed Vapi account-management guide with sensitive but expected API access; the main caution is its optional remote CLI installer.
Install this only if you intend to let an agent manage your Vapi account. Keep `VAPI_API_KEY` in a secret manager, approve account-changing actions and outbound calls case by case, verify phone numbers and webhook URLs, and inspect or replace the optional remote installer with a safer official installation method before running it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.