Back to skill

Security audit

Book Massage

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward massage-booking connector that uses a disclosed Lokuli endpoint and requests contact details only for the booking workflow.

Before installing or using this skill, understand that searches and bookings go through Lokuli, and creating a booking may send your name, email, phone number, location, selected provider, service, and time slot to that service. Confirm the provider, service, appointment time, and contact details before allowing any booking call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger language is broad enough to activate on generic phrases like 'find massage near me' or any 'massage service request,' which can cause the skill to run in situations where the user did not clearly intend to book through this specific third-party service. Because the skill can lead into provider search and eventual booking flows, over-triggering increases the chance of unintended collection or transmission of user data and unwanted third-party actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The booking example shows collection and transmission of sensitive personal contact information, including full name, email, and phone number, to an external MCP endpoint without any documented user warning, consent, or notice about third-party sharing. In this context, the risk is elevated because the skill is specifically designed to make real-world bookings, so users may be funneled into disclosing personal data without understanding where it is sent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.