Celigo

Security checks across malware telemetry and agentic risk

Overview

This Celigo skill is a read-oriented connector wrapper with clean scans, though one action file has a documentation inconsistency users should notice.

Install only if you are comfortable connecting OOMOL to your Celigo account and letting the agent read Celigo integration metadata through that connector. Treat `get_import` as a documentation issue until fixed: verify the live schema and require confirmation if the action appears to have side effects.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The file describes `get_import` as a read operation ('Get one Celigo import by import ID') but later labels it as a write action that changes Celigo state. This inconsistency can cause an agent or operator to apply the wrong safety posture: either over-restricting harmless reads or, more dangerously in documentation ecosystems, normalizing incorrect assumptions about which actions are state-changing and requiring confirmation. In a skill that agents may rely on for tool-selection and execution safeguards, misleading action semantics are a real security/documentation integrity issue.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal