Back to skill

Security audit

Google Chat

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Google Chat messaging helper with expected risks around protecting webhook URLs, OAuth files, and message destinations.

Install only if you are comfortable giving the skill authority to post to Google Chat destinations you choose. Treat webhook URLs, OAuth credentials, and token files as secrets, verify the destination before sending, avoid putting sensitive data in messages unless approved, and use an account or Chat app with the least access needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly describes capabilities that write local files (credential/token/config storage) and perform network egress to Google Chat, yet no permissions are declared. Missing permission declarations weaken user awareness and policy enforcement, making it easier for the skill to be used in environments where outbound messaging and secret file handling should be explicitly reviewed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The documentation overstates and inconsistently describes behavior, including claiming direct messaging to specific users while also noting that DM creation by email is unsupported. Security-relevant mismatches cause operators to misunderstand what data can be enumerated or where messages may be sent, which can lead to unintended disclosure or unsafe automation assumptions.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file says OAuth cannot create or target DMs by email, but later provides an example using a `--dm` email option. Contradictory instructions are dangerous because users may build automations that assume recipient targeting works, potentially causing messages to fail, be redirected after ad hoc code changes, or encourage insecure workarounds for contacting individuals.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to store webhook URLs, OAuth credentials, and tokens locally and send arbitrary message content over network channels without any warning about secret handling, retention, or sensitivity of transmitted data. Webhook URLs and OAuth tokens are effectively bearer secrets, and mishandling them can allow unauthorized message sending or disclosure of internal information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.