Ably

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed Ably connector skill that can read, publish, and delete Ably data through OOMOL, with appropriate warnings for state-changing actions.

Install this only if you trust OOMOL and intend to let an agent operate your connected Ably account. Review Ably scopes carefully, and require explicit confirmation before publishing messages, activating channels, or deleting push subscriptions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The documentation is internally inconsistent: the action is named `create_channel`, but the description says it activates a channel by retrieving metadata. In a write-capable integration, this mismatch can mislead an agent or operator about whether the action is read-only or state-changing, increasing the risk of unintended modifications or incorrect approval decisions.

VirusTotal

64/64 vendors flagged this skill as clean.
