Back to skill

Security audit

Agentline.cloud

Security checks across malware telemetry and agentic risk

Overview

This AgentLine skill is not malicious, but it should go to Review because it combines paid telephony and private communications access with a mandatory long-running local poller.

Install only if you trust AgentLine with your API key, phone calls, inbound SMS, transcripts, and billing data. Before setup, confirm any paid phone-number provisioning, decide whether you want a background poller running on your machine, and make sure you know how to stop and remove that process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to write and launch a persistent background polling process on the local system, which exceeds the stated telephony/API interaction scope and introduces host-side code execution and persistence. This is dangerous because it can consume resources, create hard-to-audit long-running processes, and normalize terminal actions unrelated to the user’s immediate request without an explicit safety boundary or separate consent.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Embedding full Bash and PowerShell polling scripts materially broadens the skill from API usage into shell scripting and process management on the host. That creates an unnecessary execution surface where an agent may write files, invoke shells, and maintain looping processes, increasing the risk of misuse, persistence, and unintended system impact beyond the telephony function advertised.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description uses broad trigger phrases such as calling someone, checking transcripts, viewing messages, managing agents, buying numbers, or checking balance, which can match common user intents and cause over-invocation. In a skill that can place calls, access communications, and incur charges, accidental invocation materially raises the risk of privacy exposure and unintended external actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions mandate writing and launching a background poller without a clear upfront warning that this will create a persistent local process. Users may not understand that the agent is being directed to modify the local environment and keep a long-running task active, which weakens informed consent for a potentially intrusive operation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to retrieve and report transcripts and event contents, including inbound SMS and call transcripts, without clearly warning that highly sensitive communications data may be surfaced to the agent and then summarized back to the user. This can lead to privacy surprises, especially if the skill is auto-invoked or used in shared environments.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.