Prefy

Security checks across malware telemetry and agentic risk

Overview

Prefy is a disclosed API integration, but it gives an agent powerful server-control and real phone-call abilities without enough scoping or consent guidance.

Install only if you intentionally want an agent to use Prefy with credentials that can manage servers and place calls. Use revocable least-privilege credentials, require explicit approval before every shell command, cron or bot change, paid checkout, and outbound phone call, and avoid sending sensitive information to the memory-enabled agent API unless you understand Prefy's retention and deletion controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises server-management features including agent commands and a raw `shell <cmd>` capability without any warning, confirmation requirements, or scope restrictions. In an agent setting, this can enable destructive or unsafe system modifications if a prompt, tool call, or indirect instruction causes the agent to issue privileged commands against a user server.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The AutoCall feature can place real phone calls and transmit phone numbers, venue details, and task content to external calling/speech providers, but the skill provides no user-facing warning or consent guidance. That creates risk of unintended real-world actions, privacy disclosure, and unauthorized outreach triggered by an agent workflow.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal