Book Chiropractor

Security checks across malware telemetry and agentic risk

Overview

This is a narrow chiropractor booking skill that uses a disclosed Lokuli MCP endpoint, with privacy and confirmation cautions users should understand before booking.

Install only if you want an agent to help search for or book chiropractor appointments through Lokuli. Before creating any booking, confirm the provider, service, time slot, name, email, and phone number, and understand that those details will be sent to the external booking service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger language is broad enough to activate on generic chiropractor-related requests without clearly constraining scope to booking intent. This can cause the agent to invoke an external booking workflow unnecessarily, increasing the chance of collecting or transmitting user data when the user may only want general information, recommendations, or medical context.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill facilitates transmission of personal contact information to a third-party MCP endpoint but does not warn the user that their name, email, and phone number will be shared externally for booking. In a healthcare-adjacent context, this is more sensitive because booking a chiropractor can reveal health-service seeking behavior in addition to ordinary contact details.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal