Security audit

Scoro

Security checks across malware telemetry and agentic risk

Overview

This Scoro skill is disclosed and not malicious, but it gives an agent broad Scoro access including sensitive business records and delete operations beyond the main time-tracking use cases.

Install only if you want the agent to use a Scoro API key that may access broad company data. Prefer a least-privileged Scoro key, avoid using this skill for finance or administrative changes unless that is intentional, and require the agent to show exact records and planned changes before any modify or delete request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The skill's declared purpose is limited to Scoro time tracking, tasks, utilization, team status, and billable corrections, but the documentation later exposes many additional modules and supports destructive operations such as delete. This expands the effective authority of the skill beyond user expectations and increases the risk of unauthorized access to unrelated business data or accidental destructive actions.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: Documenting access to invoices, quotes, orders, bills, expenses, purchase orders, finance accounts, and delete operations is not justified by the skill's stated reporting and time-management role. In an agent setting, this kind of scope creep can lead to overbroad data retrieval or destructive actions in sensitive financial domains without clear user intent or least-privilege controls.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation guidance says to use the skill for 'any Scoro data,' which is overly broad and may cause the agent to invoke it for generic Scoro-related requests outside its intended safe workflow. Overbroad triggering increases the chance of unnecessary access to sensitive records or use of higher-risk operations when a narrower skill should have been selected.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill describes fetching all users and contacts, including identifiers such as names and email addresses, without any privacy guidance, minimization rules, or authorization caveats. In a multi-user enterprise environment, this can enable unnecessary disclosure of personnel and contact data to users who only requested task or time information.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.