Finmo

Security checks across malware telemetry and agentic risk

Overview

This skill appears to expose sensitive financial/payment operations that are not clearly aligned with its stated Finmo mortgage/workflow purpose.

Review the exact Finmo API surface and required permissions before installing. Use only narrowly scoped credentials, avoid enabling payment or payout actions unless you explicitly need them, and require clear user confirmation before any transaction, wallet, pay-in, payout, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill metadata says it is for managing organizations and Finmo data, but the body exposes much broader capabilities including payments, wallets, payins/payouts, and arbitrary proxy requests. This kind of scope mismatch can mislead an agent or user into invoking sensitive financial operations they did not intend, increasing the risk of over-privileged or unsafe use.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documentation describes Finmo as a mortgage workflow platform, but the advertised actions correspond to a different payments/fintech domain. This inconsistency strongly suggests the skill may be wired to the wrong API surface or copied from another integration, which could cause agents to act on the wrong system or mishandle highly sensitive financial data and transactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal