AgentPhone

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it says, but it can place real phone calls and affect reservations or subscriptions without requiring an explicit final confirmation.

Review this before installing if you plan to let an agent act autonomously. Require manual confirmation for every call, including the phone number, business identity, objective, permitted commitments, and whether recording or transcription is acceptable. Keep the API key private, and avoid using the skill for calls that may expose sensitive personal, account, legal, medical, or payment information unless you have checked the provider's privacy, retention, and recording-consent terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill clearly enables real-world actions—placing phone calls to third parties and generating transcripts/recordings—but the user-facing description does not prominently warn about those consequences. This creates a meaningful consent and privacy risk because a user may invoke the skill without realizing it will contact external parties and produce potentially sensitive call artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.
