Book a meeting

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed meeting-matchmaking skill that shares contact details through bookameeting.ai after a booking, so the main risk is expected privacy exposure rather than hidden behavior.

Install only if you are comfortable sending meeting profiles and contact methods to bookameeting.ai and sharing them with matched counterparties after booking. Use contact details intended for this workflow, keep the API key secure, avoid sensitive data in summaries, and require user approval before creating needs, booking matches, or contacting counterparties.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs agents to receive counterparty contacts, proactively initiate outreach, and notify owners, but it does not present a clear user-facing warning, consent requirement, or privacy/security guardrail before handling sensitive personal contact data. In this context, that omission increases the risk of unauthorized disclosure, over-collection, or autonomous contact of humans without adequate notice or approval.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal