Skipup - AI Meeting Scheduling

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward SkipUp meeting-scheduling integration, but users should understand that it sends meeting and participant data to SkipUp and can affect real email coordination workflows.

Install only if you trust SkipUp with meeting metadata, participant email addresses, and workspace-member information. Agents should ask for explicit confirmation before creating, cancelling, pausing, or resuming meeting requests, because those actions can change live coordination or contact other people.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README instructs the agent to create meeting requests that cause SkipUp to email third-party participants, but it does not explicitly warn that this action sends participant email addresses and meeting context to an external service and initiates outbound contact. In an agent setting, that omission can lead to privacy, consent, and unexpected external-action risks because users may not realize the tool will contact other people on their behalf.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad enough to match ordinary scheduling language such as 'book a meeting' or 'find a time,' which increases the chance of unintended invocation. Because this skill sends participant data to an external scheduling service and can create, pause, resume, or cancel meeting workflows, accidental activation can lead to unintended external actions and privacy-impacting data disclosure.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The documentation explicitly states that pausing is a silent operation and participants are not notified, even though this changes how an ongoing external conversation is handled. In an agent skill context, silent state changes affecting real people can create deceptive or non-transparent behavior, increasing the risk of user harm, missed communications, or misuse by operators without participant awareness.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The resume behavior allows the system to automatically reactivate a paused meeting request based on incoming participant messages, causing autonomous external action without a strong warning or explicit operator confirmation. In a scheduling agent, this can defeat user expectations about what 'paused' means and may lead to unintended outreach or processing of participant communications.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The examples instruct creation, cancellation, pausing, and resuming of meeting requests that can trigger emails or change coordination state for other people, but they do not consistently foreground that these actions have external effects on participants. In an agent skill, omission of those warnings increases the risk of users or downstream agents invoking actions without informed consent or confirmation, causing unintended outreach or disruption.

External Transmission

Medium

Category: Data Exfiltration
Content: ## Create a meeting request ``` POST https://api.skipup.ai/api/v1/meeting_requests ``` Returns **202 Accepted**. SkipUp will coordinate asynchronously via email.
Confidence: 94% confidence
Finding: https://api.skipup.ai/

External Transmission

Medium

Category: Data Exfiltration
Content: ## List meeting requests ``` GET https://api.skipup.ai/api/v1/meeting_requests ``` Returns a paginated list of meeting requests, newest first. Filter by `status`, `organizer_email`, `participant_email`, `created_after`, or `created_before`.
Confidence: 84% confidence
Finding: https://api.skipup.ai/

External Transmission

Medium

Category: Data Exfiltration
Content: ## Get a meeting request ``` GET https://api.skipup.ai/api/v1/meeting_requests/:id ``` Retrieves a single meeting request by ID.
Confidence: 83% confidence
Finding: https://api.skipup.ai/

External Transmission

Medium

Category: Data Exfiltration
Content: ## List workspace members ``` GET https://api.skipup.ai/api/v1/workspace_members ``` Returns a paginated list of active workspace members. Filter by `email` or `role`.
Confidence: 90% confidence
Finding: https://api.skipup.ai/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal