Security audit

Company Intel

Security checks across malware telemetry and agentic risk

Overview

This sales-intelligence skill is coherent, but it directs agents to infer personal emails, actively probe mail servers, and write harvested contact data to local files and OKKI without clear approval or retention controls.

Install only if you are comfortable with an agent performing active sales prospecting, inferring and validating individual email addresses, storing contact dossiers, and writing records to OKKI. Use a review-only workflow, confirm each CRM write, avoid live SMTP probing unless you have authorization and a lawful basis, and define retention/deletion rules for generated reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The skill labels SMTP recipient probing as "zero risk" even though it actively opens network connections to third-party mail servers and issues SMTP commands to test whether specific addresses exist. That can violate acceptable-use policies, trigger detection/rate limits, and normalize unsafe outbound behavior by misleading operators about the real risk profile.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill is designed to collect, verify, and persist named individuals' contact details and email addresses into local dossiers and a CRM without any upfront privacy notice, consent gate, retention rule, or lawful-use constraint. That creates privacy/compliance risk because the agent is operationalizing personal-data processing and storage with no safeguards or transparency to the user.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The workflow instructs the agent to create local dossiers and CRM records, which are write operations against user data stores, but it provides no user-facing warning or confirmation checkpoint before modifying those stores. Silent persistence increases the chance of unauthorized data handling, accidental contamination of business systems, and privacy-policy violations.

Ssd 3

Severity: High
Confidence: 98%
Finding
The skill’s core purpose is to harvest, verify, store, and analyze individuals’ business contact information at scale for outreach. In context, this is more dangerous because it combines scraping, inference, validation, persistence, and lead scoring into an end-to-end contact intelligence pipeline, enabling bulk profiling and targeted unsolicited contact without meaningful safeguards.

Ssd 3

Severity: High
Confidence: 99%
Finding
This section explicitly directs the agent to identify employees, infer organizational email naming conventions, and generate candidate personal email addresses for specific targets. That is dangerous because it facilitates contact discovery and recipient enumeration for individuals who may not have publicly disclosed those addresses, increasing risks of privacy intrusion, spam, and targeted phishing.

Ssd 3

Severity: High
Confidence: 97%
Finding
The output templates require storing verified named contacts and email addresses in local archives, summaries, and OKKI CRM records, turning harvested personal data into durable operational intelligence. Persisting and centralizing that data amplifies the harm from inaccurate collection, unauthorized processing, internal misuse, and downstream outreach abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.