concierge

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] Overall the skill's stated purpose matches its capabilities, and it calls out legitimate third-party services to perform search, scraping, and AI-driven phone calls. The main security concerns are operational: it requests many high-privilege credentials, stores config/logs in plaintext locations by default, and auto-manages ngrok tunnels which publicly expose local services and increase attack surface. There is no clear evidence of obfuscation or intentional exfiltration to attacker-controlled endpoints in the provided text. Recommended mitigations: store API keys in OS keychain or env vars, document minimal-scopes and retention policy for logs/transcripts, require explicit user confirmation before starting a public tunnel, and redact or encrypt sensitive logs. LLM verification: The skill is aligned with its described travel-concierge automation but exhibits meaningful security and privacy risks due to broad credential storage, auto-infra exposure, and handling of sensitive PII across multiple services. It should be treated as SUSPICIOUS-to-BENIGN with strong mitigations: encrypted/open-source-compliant config handling, restricted auto-infra usage, explicit consent and data minimization, and thorough auditing before deployment in production environments.