Back to skill

Security audit

Jobber

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Jobber integration that uses Maton for OAuth and API access, with sensitive but expected business-data permissions.

Install only if you trust Maton to broker access to your Jobber account. Treat connection creation/deletion and any changes to clients, jobs, invoices, quotes, schedules, or account data as approval-required actions, and verify the selected Jobber connection when multiple accounts are linked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest and top-level description materially understate the skill’s effective scope. In addition to routine Jobber business-object access, the document exposes account metadata, requests, custom fields, and OAuth connection-management operations, which can cause users or an agent orchestrator to invoke the skill under a narrower trust assumption than the actual capabilities allow.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill includes generic OAuth connection lifecycle operations such as listing, creating, retrieving, and deleting connections, which expands power beyond ordinary Jobber object management. In an agent setting, these controls can be abused to rebind access, enumerate linked accounts, or disrupt integrations if the user did not intend to delegate connection administration.

Intent-Code Divergence

Low
Confidence
76% confidence
Finding
The document states that all write operations require explicit user approval, but the skill content provides ready-to-run create, update, and delete examples without any enforcement mechanism. In practice this creates a policy/documentation mismatch that can lead an autonomous agent to perform state-changing actions without a reliable confirmation checkpoint.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is broad and does not clearly constrain when the skill should be preferred versus when a narrower or safer alternative should be used. In an agent environment, vague routing criteria increase the chance of over-invocation for requests involving sensitive customer, billing, scheduling, or account-linkage data.

External Transmission

Medium
Category
Data Exfiltration
Content
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'jobber'}).encode()
req = urllib.request.Request('https://api.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
Confidence
72% confidence
Finding
https://api.maton.ai/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.