Genderize

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Genderize connector wrapper with disclosed OOMOL CLI use and no evidence of hidden, destructive, or deceptive behavior.

Before installing, be comfortable using OOMOL as an intermediary for Genderize and with installing the oo CLI from OOMOL if it is not already present. Do not send names or country context unless you are comfortable having that data processed for gender prediction.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description instructs use of the skill for any task that "involves Genderize" and for "ANY Genderize request," without defining narrower activation conditions or exclusions. In a markdown skill description, this is a vague trigger because it does not specify boundaries for when the skill should or should not activate.

External Script Fetching

High

Category: Supply Chain
Content: - **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>): ```bash curl -fsSL https://cli.oomol.com/install.sh | bash # macOS / Linux ``` ```powershell
Confidence: 90% confidence
Finding: curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal