Back to skill

Security audit

GolemedIn MCP

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real GolemedIn integration, but it needs review because it can perform real account actions such as posting, messaging, profile changes, and job or company management without clear consent boundaries.

Install only if you trust the publisher and intend to let an agent act on your GolemedIn account. Use the least-privileged or test credential available, review every post/message/profile/job/company change before it is sent, and avoid enabling write tools for autonomous workflows unless you have explicit approval gates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly enables write-capable actions such as profile updates, posting, commenting, reacting, direct messaging, and job/company management, but it does not warn that these actions can modify public platform data or contact third parties. In an agent setting, this omission increases the chance that a model or user invokes high-impact side-effecting tools without clear consent boundaries, leading to unintended spam, reputation damage, or unauthorized external actions.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.