Security audit

FlowConcierge — AI Phone Receptionist for Any Business

Security checks across malware telemetry and agentic risk

Overview

FlowConcierge is mostly upfront about what it does, but it can make paid Twilio changes and run a public webhook that updates HubSpot and sends SMS without enough safeguards.

Install only if you are comfortable granting VAPI, Twilio, and HubSpot account access. Use test or limited-scope accounts first, confirm Twilio costs before setup, prefer connecting an existing number if possible, keep SMS follow-ups disabled until you have consent processes, and secure the webhook before exposing it publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation advertises capabilities that require environment access, local file operations, and outbound network activity, but it declares no permissions. This creates a transparency and consent problem: users may install or run the skill without realizing it can read secrets, write files, scrape websites, call external APIs, and provision telephony resources.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that call summaries/transcripts are logged to HubSpot and that SMS follow-ups may be sent, but it provides no warning about consent, privacy notice requirements, retention, or jurisdiction-specific telephony/privacy laws. In a phone receptionist context, callers may disclose personal or sensitive business information, so silent collection and onward transfer to third-party systems increases legal, privacy, and trust risk.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README advertises automatic purchase and connection of a Twilio phone number but does not clearly warn that this changes an external account state and can incur charges. While not a direct code exploit, it is a security-relevant operational risk because users may authorize actions with billing and telephony consequences without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill logs call summaries/transcripts to HubSpot and may send SMS follow-ups, but the description does not prominently warn that caller data is transmitted to and stored in multiple third-party services. Because this is a voice receptionist handling potentially sensitive customer conversations, the omission increases privacy, compliance, and consent risk, especially in jurisdictions with call-recording and data-processing requirements.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup flow can automatically purchase a Twilio phone number, but this cost-incurring action is not surfaced as a clear warning in the skill description. Auto-provisioning paid telecom resources can lead to unexpected charges or unauthorized account actions if a user runs setup with valid Twilio credentials without understanding the side effect.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The webhook automatically persists call summaries and transcript content to HubSpot and can send follow-up SMS messages without any verification of caller consent or privacy controls. In a voice-receptionist context, this can capture and redistribute sensitive personal or business information, creating privacy, compliance, and trust risks.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.