Local Business Appointment Agent

Security checks across malware telemetry and agentic risk

Overview

This is a simple appointment-booking demo that handles expected scheduling and contact details, but it should add privacy guidance before real customer use.

Reasonable to install for testing. Before using it with real customers, add a clear privacy notice covering phone numbers, appointment details, reminder consent, calendar permissions, third-party SMS/email providers, retention, and deletion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This markdown file describes behaviors that affect user data and privacy, including sending reminders and integrating with external calendars, but it does not disclose any privacy, consent, or data-handling warning. For a customer-facing appointment agent, these operations can transmit or process personal scheduling information and should be called out explicitly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal