Back to skill

Security audit

yoooclaw-meeting-preparations-en

Security checks across malware telemetry and agentic risk

Overview

The skill is a plausible meeting-briefing helper, but it can read recent phone notifications and automatically install another skill from a remote source without user confirmation.

Install only if you are comfortable with the skill searching recent phone notifications for meeting topics and people. Before use, confirm whether byted-web-search is already installed; avoid allowing this skill to install dependencies automatically unless you trust that remote source and want the local skill environment changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to execute shell/package-manager commands to inspect and modify the local skill environment by installing `byted-web-search`. That behavior exceeds the stated purpose of producing a meeting briefing and creates a supply-chain and environment-modification risk, especially because it pulls code from a remote URL and runs `npx` without explicit user approval.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest presents the skill as a summarization/briefing tool, but the documented workflow includes changing the agent environment by checking installed skills and adding one if missing. This mismatch can mislead reviewers and users about the skill's actual privileges and side effects, increasing the chance that risky behavior is silently approved.

Vague Triggers

High
Confidence
82% confidence
Finding
The activation description includes very broad triggers such as any mention of meetings, preparations, or even loosely related phrases, which can cause the skill to run in contexts the user did not intend. Because this skill reads notifications and may perform web searches, over-broad invocation expands privacy exposure and increases the risk of unintended data access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to search and summarize the user's phone notifications from the last 7 days, including by person name, without an explicit privacy warning or consent step at the point of access. Notifications often contain sensitive personal, business, and authentication data, so silent collection and summarization creates a meaningful privacy and data-minimization risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.