BetterContact

Security checks across malware telemetry and agentic risk

Overview

This BetterContact skill is a disclosed OOMOL connector wrapper; its main caution is broad routing language plus access to account-backed enrichment actions.

Install this only if you intend to use OOMOL to operate your BetterContact account. Confirm any lead-enrichment submission payload before running it, since that can consume credits and send lead data to BetterContact/OOMOL-connected services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger text is overly broad: it directs use of this skill for "ANY BetterContact request" and whenever a task involves BetterContact, without narrowing by operation type, user intent, or required confirmation level. That ambiguity can cause unintended invocation for sensitive or state-changing actions, increasing the chance an agent routes requests here automatically when a narrower or safer path would be more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal