Book Catering

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it can send personal contact details to Lokuli and create a real catering booking without clear final-confirmation safeguards.

Install only if you are comfortable using Lokuli for catering searches and bookings. Before allowing a booking, verify the provider, date, time, price, cancellation terms, and contact details, and make sure you explicitly approve sending your name, email, and phone number to the external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description is broad enough to activate on generic requests such as finding catering, which can cause the skill to run in situations the user did not explicitly intend. Because this skill can initiate booking flows and interact with an external MCP endpoint, overbroad invocation increases the chance of unintended external actions or premature collection/transmission of personal data.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill enables create_booking with customerName, customerEmail, and customerPhone sent to an external service, but it does not warn the user that their personal contact data will be transmitted off-platform. This creates a privacy and consent risk: users may provide sensitive personal information without understanding that it will be shared with a third party.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal