Google Reviews

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only Google review research and monitoring helper with disclosed local storage and no evidence of hidden or destructive behavior.

Before installing, decide whether you want one-off review research or recurring monitoring. If you enable monitoring, review what will be stored in ~/google-reviews/, keep credentials and private customer data out of those files, scope any Google account/API access narrowly, and leave outbound posting or alerts ask-first unless you explicitly want automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Description-Behavior Mismatch

Low

Confidence: 91% confidence
Finding: The setup directs the agent to persist reusable monitoring context in a local memory file under `~/google-reviews/`, creating cross-session state not clearly disclosed in the skill description. Even though the content appears operational rather than overtly sensitive, persistent storage can accumulate business preferences, watchlists, and escalation rules in ways users may not expect, increasing privacy and scope-creep risk.

Context-Inappropriate Capability

Low

Confidence: 84% confidence
Finding: Storing activation preferences across sessions is not strictly necessary for one-off Google review research and expands the skill's behavior beyond immediate task execution. This can cause the skill to influence future interactions based on prior state, surprising users and potentially causing unwanted invocation or profiling over time.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation trigger covers broad categories like Google Maps reviews, brand reputation monitoring, and recurring sentiment updates, which can overlap with many generic business-analysis requests. Overbroad triggers raise the chance of unintended activation, causing the skill to collect context, steer responses, or initiate persistence when the user did not clearly ask for this specialized behavior.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to 'auto-activate for reputation and review monitoring requests' is ambiguous because those requests can be interpreted broadly across sessions and domains. In combination with stored activation preferences, this can let the skill assert itself in future conversations without clear contemporaneous consent, increasing the risk of unnecessary data handling and user confusion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal