Back to skill

Security audit

Omnium Hub CRM

Security checks across malware telemetry and agentic risk

Overview

The skill is a small, user-invoked CRM helper that can read and change Omnium Hub CRM records with a provided API key, with disclosure and credential-handling caveats but no evidence of hidden execution or exfiltration.

Install only if you intend to let the agent access and modify your Omnium Hub CRM through a LeadConnector-compatible API key. Use a limited, revocable key if possible, avoid putting the key directly in prompts or command lines, verify that services.leadconnectorhq.com is the intended backend for your account, and review create/update operations before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes a Python client that makes external network requests, but the skill manifest does not declare that network-capable behavior. Hidden or undeclared outbound connectivity reduces transparency for users and policy enforcement, and can enable unexpected data transfer to third-party services. This is more concerning here because the skill handles CRM data and API keys, so undeclared network use affects sensitive information.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill description says it manages Omnium Hub CRM broadly, including appointments, but the observed behavior relies on an external LeadConnector endpoint that is not disclosed and does not implement the claimed appointment functionality. This mismatch can mislead users about where their CRM data and credentials are going, undermining informed consent and increasing the risk of unintended third-party disclosure. In a CRM context, that is particularly sensitive because contact and opportunity data may contain personal or business-confidential information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly asks the user to provide an API key and then instructs that it be used in scripts, but gives no warning about safe handling, storage, reuse, or exposure in command lines. API keys placed directly in shell commands can leak through logs, process listings, terminal history, or agent traces, potentially allowing unauthorized access to the user's CRM account. The danger is elevated because CRM API keys can expose or modify customer contact and opportunity data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.