Omnis Venture Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-only guide for a venture-intelligence API, with payment handled through external checkout links rather than agent-run billing actions.

Install only if you are comfortable sending venture-discovery queries, company identifiers, and any API key you explicitly provide to the Bamboosnow/Omnis service. Complete any payment or funding step yourself in the hosted checkout flow, not through the agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The skill claims it can handle "set up autonomous paid access and run production discovery," but the rest of the document explicitly forbids billing POST actions and instructs the agent to stop after directing the user to checkout. This contradiction can cause an agent to overstep its allowed trust boundary, potentially attempting payment-related workflows or presenting misleading capability claims to users.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal