Pamela Calls

Security checks across malware telemetry and agentic risk

Overview

This skill is upfront about helping agents place billable Pamela AI phone calls, with no hidden code or malicious behavior found.

Install only if you intend to let an agent help place real Pamela phone calls. Confirm each recipient, task, expected cost, and legal basis before calling; avoid unsolicited or non-consensual calls; protect the API key; enable billing alerts; and treat call audio/transcripts as data that leaves your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill enables outbound AI phone calls at scale and provides examples for contacting third parties, but it does not warn users to obtain consent, comply with robocalling/telemarketing laws, or verify jurisdiction-specific recording and disclosure requirements. In this context, the omission materially increases the risk of unlawful or abusive use because the capability is immediately actionable and framed for broad deployment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal