Beehiiv

Security checks across malware telemetry and agentic risk

Overview

This Beehiiv skill is a disclosed OOMOL connector wrapper for reading Beehiiv publications, posts, and subscriptions, with no hidden code or suspicious scanner signal.

Install only if you trust OOMOL and are comfortable connecting a Beehiiv account/API key through OOMOL. The skill can read Beehiiv business and subscriber data through the connector; review requested payloads before any future create, update, send, post, delete, or remove action.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The documentation for `get_post` describes a read-only fetch operation, but the warning labels it as a write action that changes Beehiiv state. This kind of mismatch can mislead an agent or operator into applying the wrong trust and confirmation model, causing unnecessary user friction or, worse, masking whether other actions are truly state-changing. In an agent skill, inaccurate safety-critical metadata is dangerous because downstream automation may rely on these labels to decide whether to execute automatically or require confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal