Hospitality

Security checks across malware telemetry and agentic risk

Overview

This is a plain-text hospitality operations skill whose guest-data handling is expected for hotel work, but users should add their own privacy and approval rules before using it with real guests.

Install only for legitimate hotel or hospitality operations. Use approved PMS/CRM/messaging systems, avoid storing payment details outside compliant systems, respect guest consent and marketing opt-outs, redact personal or stay-specific details from public review replies, and require staff approval before sending external messages or issuing compensation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly instructs collection and use of guest personal data such as name, contact details, stay dates, preferences, payment status, and outreach messaging, but provides no privacy, consent, retention, or access-control guidance. In a hospitality context this is operationally normal, yet still risky because an agent following these instructions could over-collect, use guest data for messaging without a lawful basis, or expose regulated personal information through insecure workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal