Canny

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Canny connector that can read and modify Canny data through the oo CLI, with no evidence of hidden or unrelated behavior.

Install this only if you want your agent to access your Canny workspace through OOMOL. Review write payloads before approving creates or updates, and be aware that read actions may expose Canny users, posts, comments, and boards to the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 97%
Finding:
The documentation contradicts the action's stated purpose by marking a read-only `retrieve_post` operation as a write action that changes Canny state. In an agent setting, this can cause unnecessary user-confirmation flows, incorrect risk classification, and unsafe orchestration logic if downstream systems rely on the docs to decide whether an action is mutating.

Vague Triggers

Medium
Confidence: 88%
Finding:
The skill description says to use this skill for ANY Canny request, which is an overly broad trigger that can cause the agent to invoke the skill on casual mentions of Canny rather than clear user intent. In an agentic setting, broad routing increases the chance of unintended data access or state-changing operations being selected without sufficient contextual validation.

VirusTotal

64/64 vendors flagged this skill as clean.
