Book Plumber

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent plumber-booking helper, but it can share contact details with an external service and create a real booking without clear consent or confirmation instructions.

Review before installing. Use only if you are comfortable sending your contact information and booking details to Lokuli, and ensure your agent asks for explicit approval before searching externally or creating any appointment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger description is broad enough to activate on vague plumber-related requests without clearly constraining scope, which can cause the agent to invoke this skill when the user did not intend to initiate a third-party booking workflow. In this context, unintended activation is more dangerous because the skill is connected to an external MCP endpoint that can search providers and proceed toward booking actions involving personal data.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill includes a booking flow that collects and transmits customer name, email, and phone number to a third-party service, but it does not warn the user that their personal contact information will be shared externally. This creates a privacy and consent risk, especially if the agent proceeds directly from a user request into data collection and transmission without explicit disclosure and confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal