Abyssale

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Abyssale connector wrapper with disclosed credential use and write-action safeguards.

Install this only if you intend to let Codex use your OOMOL-connected Abyssale account. Review any proposed write payload before approval, and treat the CLI installation/login steps as one-time setup actions that should only be run when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description says to use this skill for ANY Abyssale request and instead of calling the API directly, which makes routing overly broad and can trigger the skill for loosely related prompts. Because the skill includes state-changing actions and setup instructions that invoke shell commands, accidental activation increases the chance of unintended writes or exposing users to risky operational steps.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal