Callfire

Security checks across malware telemetry and agentic risk

Overview

This CallFire integration appears purpose-aligned, but it can send real texts, delete contacts, and make arbitrary authenticated API calls without enough explicit safety gating.

Review before installing. Use this only with a CallFire account you are willing to let an agent operate, and require explicit confirmation of recipient, message body, target contact, HTTP method, endpoint, and expected effect before any send, create, update, delete, or proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding: The skill advertises destructive and outbound actions like sending texts and deleting contacts without requiring explicit user confirmation or warning about real-world effects. In an agent setting, this can lead to unintended external communications or data deletion if the model selects these actions from ambiguous prompts.

Missing User Warnings

Medium
Confidence: 92%
Finding: The proxy request section enables arbitrary authenticated API calls but does not warn that such requests may read, modify, or delete remote CallFire data. Because the proxy inherits valid credentials and supports all HTTP methods, an agent could perform unreviewed high-impact operations beyond the curated action set.

VirusTotal

65/65 vendors flagged this skill as clean.
