Better Proposals

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Better Proposals connector that reads account data through the OOMOL oo CLI, with no evidence of hidden execution, exfiltration, persistence, or destructive behavior.

Install only if you intend to let an agent read Better Proposals business data through your connected OOMOL account. Review requested action payloads before running them, and treat any future create, update, send, post, delete, or remove action as requiring explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The documentation contradicts the action’s stated purpose by labeling a read-only listing operation as a write action. This can mislead an agent or operator into applying unnecessary confirmation logic, or worse, create confusion about the safety and side effects of the action, which undermines reliable security decision-making around Better Proposals operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal