Security audit

Restaurant Lead Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it encourages scraping and automated restaurant outreach without enough consent, approval, or data-quality safeguards.

Install only if you will supervise it closely. Treat the included script as mock-data generation unless rewritten, verify every lead source, keep outputs in a controlled location, use narrowly scoped sending credentials, and require human review of recipients and message content before any email or WhatsApp outreach is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding:
The skill instructs saving scraped lead data to CSV and includes automation code, but there is no declared permission model or explicit disclosure of file-writing behavior. Undeclared capability increases the risk of data being written locally or exported without user awareness, especially when handling business contact data at scale.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The file presents itself as a restaurant lead generator, but it only fabricates synthetic businesses, addresses, and phone numbers using random values. In the context of an SMB sales/outreach skill, this is dangerous because downstream automation could treat fake records as real prospects, causing misdirected outreach, data quality failures, and potential spam or compliance issues if random numbers are contacted.

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding:
The top-level description states that the script finds restaurant leads and outputs CSV, but the implementation only generates random sample entries. Misleading documentation increases the risk that operators or other agents will rely on fabricated data as if it were genuine business intelligence, especially given the skill's stated purpose of automated lead generation and outreach.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The top-level description is broad enough to match common sales and outreach requests, which can cause the skill to trigger in situations beyond the user's intended scope. Overbroad invocation raises the chance of unintended scraping, enrichment, or external messaging workflows being suggested or initiated without appropriate safeguards.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The 'When to Use' examples are generic and action-oriented, making it easy for the system to apply this skill to vague requests involving lead generation or outreach. In a skill capable of collecting contact data and contacting third parties, ambiguous triggers materially increase misuse risk.

Missing User Warnings

Severity: High
Confidence: 94%
Finding:
The skill promotes scraping business data and automated email/WhatsApp outreach without any privacy, consent, anti-spam, or platform-policy warnings. Because it is designed for external contact and bulk lead generation, the absence of safeguards makes accidental spam, policy violations, and misuse of personal or business contact data significantly more likely.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The workflow explicitly instructs users to send personalized outreach immediately after lead collection and enrichment, with no review, approval, or consent verification step. In context, this is more dangerous because the skill is specifically built for mass prospecting, so omission of a confirmation gate can directly facilitate spam or non-compliant outreach at scale.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.