Book Auto

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward auto-service booking skill that uses Lokuli and discloses the booking data it needs.

Install this only if you are comfortable using Lokuli for auto-service searches and bookings. Before approving a booking, review the provider, price, time, and the contact details that will be shared.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest description is broad enough to trigger on essentially any automotive-related request, which can cause the skill to activate outside the user's actual intent and route users into an external booking flow unnecessarily. Because this skill can search providers and initiate bookings through a third-party MCP, over-triggering increases the risk of unintended tool use, privacy exposure, and confusing or unauthorized transactional actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal