Back to skill

Security audit

Lead Guardian

Security checks across malware telemetry and agentic risk

Overview

Lead Guardian appears to do what it claims, but it exposes sensitive lead data and workflow controls without adequate access controls or privacy disclosure.

Review carefully before installing or deploying. Treat this as an internet-facing business application: add authentication for the dashboard and APIs, validate Twilio webhook signatures, disable debug mode, restrict network exposure, use dedicated provider keys with spend limits, and define clear consent, retention, deletion, and privacy practices for lead conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The application exposes an admin dashboard plus unauthenticated lead and message APIs that return full phone numbers, qualification data, and conversation history to any requester who can reach the server. Because there is no authentication or authorization on '/', '/api/leads', or '/api/leads/<id>/messages', this creates a direct privacy breach and broad unauthorized access to sensitive customer communications.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The handoff endpoint allows anyone to POST to '/api/leads/<lead_id>/handoff' and change lead state without authentication. An attacker could interfere with business workflow by silently marking leads as handed off, suppressing automated responses and causing missed or mishandled leads.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly advertises conversation tracking and stores lead interactions, but does not warn users that personal lead data and message history will be retained. In a real-estate context, these records can contain names, phone numbers, budgets, financing status, and timing information, so omission of disclosure creates privacy, compliance, and trust risks.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill routes inbound lead content through external providers such as Twilio and OpenRouter, yet the description does not warn that lead messages and qualification details are transmitted to third parties. Because these messages may contain sensitive personal and financial information, undisclosed third-party transmission materially increases privacy, consent, and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Incoming SMS content and prior conversation history are sent to a third-party AI provider without any visible consent, notice, or data-minimization controls. In this context, the messages can contain personal and financial information from prospective home buyers, making undisclosed third-party transmission materially sensitive from a privacy and compliance standpoint.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.