momo

Security checks across malware telemetry and agentic risk

Overview

Momo is a disclosed local command helper for time tracking, but this version is mostly a stub and does not actually create records, invoices, or payment tracking.

Install only if you are comfortable granting a skill local command execution. Treat this release as a prototype: verify outputs yourself, because the reviewed code does not actually save timesheets, generate PDFs, create invoices, or track payment status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The manifest requests the highly sensitive "exec" permission even though the stated purpose is finance/time-tracking, which does not inherently require arbitrary command execution. Granting shell execution significantly expands the attack surface: a compromised or malicious skill could run local commands, access files, invoke network-capable tools, or chain into broader host compromise under the user's privileges.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The invocation guidance says to use Momo for broad, common activities like logging time, preparing reports, or generating invoices, which may cause an agent to invoke the skill in overly broad contexts without clear user intent. Because the skill has exec permission, over-triggering could lead to unintended script execution, data modification, or generation of business documents based on incomplete or wrong context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal