Security audit
Ai Calls China Phone
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Stepone AI phone-calling skill that can place real paid calls, but its sensitive behavior is documented and confirmation-gated.
Install only if you need Stepone AI outbound calling and trust Stepone AI with phone numbers, call instructions, and transcripts. Confirm you are authorized to call each recipient, review the number and task before typing CALL or RAWCALL, keep STEPONEAI_API_KEY private, and avoid placing unnecessary sensitive personal, financial, or business information in call prompts.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
