concierge
Enables users to find accommodation contact details and make AI-assisted booking calls seamlessly.
Install this skill
or
32/100
Security score
The concierge skill was audited on Feb 9, 2026 and we found 10 security issues across 3 threat categories, including 3 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 45
Ngrok tunnel reference
SourceSKILL.md
| 45 | The `call` command now auto-manages infra by default: if local server is down, it starts `ngrok` + call server automatically and stops both when the call ends. |
medium line 106
Ngrok tunnel reference
SourceSKILL.md
| 106 | # Optional for auto ngrok auth |
medium line 107
Ngrok tunnel reference
SourceSKILL.md
| 107 | concierge config set ngrokAuthToken "<token>" |
high line 119
Ngrok tunnel reference
SourceSKILL.md
| 119 | - `call` validates local dependencies before dialing (`ffmpeg` with MP3 decode support, and `ngrok` when auto-infra is needed). |
high line 121
Ngrok tunnel reference
SourceSKILL.md
| 121 | - When auto infra is used, server/ngrok logs are written under `~/.config/concierge/call-runs/<run-id>/`. |
medium line 87
Access to hidden dotfiles in home directory
SourceSKILL.md
| 87 | `~/.config/concierge/config.json5` |
medium line 121
Access to hidden dotfiles in home directory
SourceSKILL.md
| 121 | - When auto infra is used, server/ngrok logs are written under `~/.config/concierge/call-runs/<run-id>/`. |
low line 59
External URL reference
SourceSKILL.md
| 59 | concierge find-contact "https://www.airbnb.com/rooms/12345" |
low line 75
External URL reference
SourceSKILL.md
| 75 | concierge find-contact --json "https://..." |
low line 80
External URL reference
SourceSKILL.md
| 80 | concierge --verbose find-contact "https://..." |
Scanned on Feb 9, 2026
View Security Dashboard