ocas-spot

Automates appointment bookings and availability checks across various service venues, integrating with platforms like Yelp and Calendly.

Install this skill

83/100

Security score

The ocas-spot skill was audited on Jun 13, 2026 and we found 3 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 202

Access to root home directory

SourceSKILL.md

202	- Journal path is NOT profile-scoped — Journals always go to `/root/.hermes/commons/journals/ocas-spot/YYYY-MM-DD/{run_id}.json`, NOT under `profiles/indigo/`. Writing journals to the profile-scop

low line 182

External URL reference

SourceSKILL.md

182	4. Yelp setup (optional, run once): `spot.discover` works without `YELP_API_KEY` (page mode). For API mode, create a free key at `https://www.yelp.com/developers/v3/manage_app` and add to env conf

low line 186

External URL reference

SourceSKILL.md

186	For bot-blocked platforms (Tock, OpenTable, Mindbody, Fresha), VirtualPerson provides a headed Chrome environment that's harder to detect than headless Chromium. Patched files for VPN Gate integration

Scanned on Jun 13, 2026

View Security Dashboard

Installation guide →

Rating

5.01

Rate this skill

Categorysales

UpdatedJune 13, 2026

hermes frontend design playwright docx git api testing customer-success-manager business-development operations-manager marketing-analyst product-manager sales operations marketing product

indigokarasu/spot