Local Business Finder

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google Maps business-search helper that uses a third-party API key and does not show hidden, destructive, or unrelated behavior.

Before installing, understand that searches use your gmapsscraper.io API key, cost service credits, send search queries to that provider, and may collect business contact details including emails. Use exported contacts only for legitimate, compliant purposes and consider local laws, source terms, and outreach rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly enables collection of business contact data, including email addresses, via a third-party scraping service, but does not warn users about privacy, acceptable-use, or compliance implications. That omission can lead users to gather and process contact information for outreach or profiling without understanding legal, ethical, or platform-policy constraints.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal