Security audit

Yelp

Security checks across malware telemetry and agentic risk

Overview

This Yelp skill is a disclosed Yelp research helper with optional API use and local notes, and I found no evidence of hidden or destructive behavior.

Safe to install for Yelp research if you are comfortable sharing relevant search details with Yelp. Keep your Yelp API key out of notes, confirm before using phone numbers or exact addresses in API calls, and periodically review or delete ~/yelp/ if you do not want old local preferences reused.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation criteria are broad enough that the skill could trigger on loosely related requests such as general local recommendations, business research, or review summaries without clear opt-in boundaries. Over-broad activation can cause unintended tool use, unnecessary data access, and routing of user requests into this skill when a different workflow would be safer or more appropriate.

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash curl -sS -H "Authorization: Bearer ${YELP_API_KEY}" \ "https://api.yelp.com/v3/businesses/search/phone?phone=%2B14159083801" \ | jq '{id, alias, name, location, phone}' ```
Confidence: 80% confidence
Finding: https://api.yelp.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.