GenderAPI.io

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GenderAPI.io connector for gender inference, with privacy considerations but no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable using GenderAPI.io through an OOMOL-connected account. Treat email addresses, names, and usernames as personal data, confirm you have a legitimate basis or consent before submitting them, and review GenderAPI.io/OOMOL data handling terms for your use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to send an email address to an external gender-inference service without any warning about privacy, consent, or the sensitivity of deriving demographic attributes from personal data. Email addresses are personal data, and transmitting them to a third party for profiling can create privacy, compliance, and trust risks, especially if users are unaware that external processing will occur.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal