Back to skill

Security audit

Omada Viewer

Security checks across malware telemetry and agentic risk

Overview

This looks like a genuine Omada diagnostics helper, but it bundles a broad write/admin API catalog that does not fit its read-only viewer purpose.

Use only with a dedicated Omada Open API app limited to Viewer permissions. Keep secrets out of chat, leave SSL verification enabled unless you fully trust the local controller setup, and treat references/all-endpoints.md as unsafe for normal viewer use unless write, delete, reboot, and admin routes are removed or separately gated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The reference file enumerates a very large number of write, delete, reboot, upload, and configuration-changing endpoints while the skill is described as a read-only diagnostics/viewer skill. Even as documentation, this expands the agent’s implied action surface and creates a strong risk that the skill or downstream prompt/tool wiring could invoke destructive administrative actions contrary to user expectations.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This section includes controller-wide administrative capabilities such as user, role, webhook, certificate, backup/restore, firmware, MFA, cloud bind/unbind, and other global management actions that are unrelated to diagnostics or inventory viewing. In a skill marketed for troubleshooting and read-only inspection, including these capabilities materially increases the chance of privilege misuse, tenant-wide impact, and surprise administrative changes.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The documentation lists disruptive actions such as rebooting devices/clients, disconnecting clients, blocking/unblocking, starting scans/tests, deleting data, modifying VPN/firewall/NAT/network settings, and other operationally invasive commands. For a read-only viewer skill, this mismatch is dangerous because it normalizes or exposes destructive actions that could interrupt production networks or harm availability and confidentiality if accidentally or maliciously used.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.