Back to skill

Security audit

AI Phone Calls (Bland AI)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to make Bland AI phone calls as advertised, but it needs review because it can place real calls and under-discloses privacy, transcript, and recording risks.

Install only if you are comfortable giving the skill a Bland AI API key and allowing it to place outbound calls through Bland AI. Confirm the number, task, cost, and recording setting before each call, and avoid regulated, secret, or highly sensitive details unless you have reviewed Bland AI's privacy, retention, and recording-consent requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises executable shell scripts (`phone-call.sh`, `check-call.sh`, `bland.sh`) but does not declare corresponding permissions, which can cause users or tooling to underestimate its ability to perform external actions. In a skill that can place real phone calls and contact third-party services, undeclared shell capability reduces transparency and weakens consent and review controls.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description explains call functionality but does not clearly warn that user-provided phone numbers, names, appointment details, and conversation content are sent to Bland AI and may result in transcripts or recordings stored by a third party. Because the core use case involves communicating potentially sensitive personal data over phone calls, missing disclosure creates a meaningful privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script prints the full call transcript and summary directly to stdout with no masking, consent check, or warning, which can expose sensitive personal or business information to terminal logs, shell history capture tools, or other users viewing the session. In a phone-calls skill, transcripts are especially likely to contain names, phone numbers, appointment details, and other private conversation content.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Displaying the recording URL directly can expose a sensitive call artifact that may grant access to the audio recording if copied, logged, or observed by unauthorized parties. In this skill context, recordings may contain the same sensitive information as transcripts, so surfacing the URL without warning increases accidental disclosure risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script supports call recording via --record but provides no warning, consent workflow, or jurisdictional compliance check before enabling recording. This can lead to unlawful or unethical recording of third parties, especially in two-party consent regions, and expose users or operators to legal and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.