Back to skill

Security audit

Book Catering

Security checks across malware telemetry and agentic risk

Overview

The skill matches its catering-booking purpose, but it can send personal contact details to Lokuli and create real bookings without clear confirmation or privacy safeguards.

Review before installing. Use it only if you are comfortable using Lokuli for catering searches and bookings, and before any booking make sure you explicitly approve the provider, date, time, price, cancellation terms, and sending your name, email, and phone number to the external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest description uses broad trigger language such as 'any catering service request,' which can cause the skill to activate for loosely related user intents without clear user expectation. Over-broad invocation increases the chance that users are routed into a workflow that sends booking-related queries and potentially personal data to an external MCP service unnecessarily.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill defines a booking flow that collects and transmits personal contact information including name, email, and phone number to a third-party endpoint, but it does not warn the user beforehand or obtain explicit consent in the skill description. This creates privacy and data-handling risk because users may not realize their personal information will be sent off-platform to complete a booking.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.