Codemagic

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Codemagic connector that uses the OOMOL oo CLI for disclosed CI/CD read and build-management actions.

Install this only if you want an agent using your OOMOL-connected account to read Codemagic data and manage builds. Confirm exact app, workflow, team, and build IDs before any create_build or cancel_build action, since those can affect CI/CD pipelines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The action documentation states that it cancels a build but does not clearly warn that this is a disruptive operation affecting in-progress CI/CD work. In an agent-driven context, missing a cautionary warning increases the chance of accidental invocation, which can interrupt deployments, testing, or release workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal