Google BigQuery

Security checks across malware telemetry and agentic risk

Overview

This BigQuery skill is a coherent OOMOL connector wrapper, but users should be careful with write/delete/job-cancel actions and the CLI install command.

Install only if you intend to let the agent operate BigQuery through your OOMOL-connected account. Confirm exact project, dataset, table, job ID, query, and payload before any write, delete, extract, load, insert, or job-cancel action. If the oo CLI is not installed, inspect OOMOL's installer or use a trusted installation path before running the curl-to-bash or PowerShell command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This action documentation exposes a destructive operation that cancels BigQuery jobs but provides no warning, confirmation guidance, or usage constraints. In an agent setting, that omission increases the chance of accidental or unauthorized disruption of running queries, ETL pipelines, or data-loading jobs, especially because the skill explicitly encourages using it for any BigQuery request.

External Script Fetching

High

Category: Supply Chain
Content: - **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>): ```bash curl -fsSL https://cli.oomol.com/install.sh | bash # macOS / Linux ``` ```powershell
Confidence: 99% confidence
Finding: curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal