AeroLeads

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AeroLeads lookup skill that retrieves LinkedIn prospect/contact data through the OOMOL CLI, with privacy and installer cautions but no hidden or destructive behavior found.

Install only if you intend to use AeroLeads/OOMOL for prospect lookup. Treat returned emails, phone numbers, and LinkedIn profile details as sensitive personal data, use them only with appropriate authorization or lawful basis, and verify the official `oo` CLI installer source before running any pipe-to-shell setup command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This action is explicitly designed to retrieve personal contact and profile data from a public LinkedIn URL, including emails, phone numbers, education, and skills, but the skill documentation does not warn users that it may process and expose personal data. That omission can lead to uninformed use, privacy noncompliance, and misuse of scraped or enriched personal information, especially in workflows where operators may not realize the sensitivity of the returned data.

VirusTotal

39/39 vendors flagged this skill as clean.

View on VirusTotal