Back to skill

Security audit

Apollo.io Enrichment

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apollo.io enrichment helper, but it sends contact and company lookup data to Apollo and can return personal contact details when requested.

Install only if you intend to use Apollo.io for lead or contact enrichment. Use an Apollo API key you are comfortable delegating, expect Apollo credits to be consumed, and only submit contacts, company domains, or bulk files that you are allowed to process and share with Apollo. Be especially deliberate with --reveal-email and --reveal-phone because they may expose personal contact information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users to provide an API key via environment variable and to use a script that makes external Apollo.io requests, but the skill declares no permissions for environment access or network use. This creates a transparency and consent problem: users and calling systems may not realize the skill can access secrets and transmit queried data to a third party.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose is generic enrichment and prospect search, but the skill also advertises a built-in competitor exclusion filter targeting specific companies. That hidden business-logic bias can manipulate search outcomes without clear disclosure, causing users to make decisions from intentionally filtered results and indicating potential author-driven steering beyond the stated skill purpose.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The search feature contains hard-coded filtering for specific competitor companies unrelated to the stated Apollo enrichment purpose. This silently biases results and can be used to manipulate business decisions or conceal relevant search results from users, especially because the behavior is framed as an optional convenience feature rather than transparent policy logic.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill encourages enrichment and prospecting workflows that send identifiers like names, emails, and company domains to Apollo.io, and it can request personal email and phone data, yet it provides no privacy warning in the main description. This omission can lead users to unknowingly expose personal or sensitive business contact data to a third-party service and retrieve regulated personal information without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.