ClawHub

GTmetrix

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GTmetrix connector skill, with a disclosed test-starting action that users should approve before use.

Install only if you want an agent to use your connected GTmetrix account through OOMOL. Treat `start_test` as a state-changing action that may consume GTmetrix credits, and confirm the URL, payload, and expected cost before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest describes the skill as only for 'searching and reading data,' but the documented actions include `start_test`, which changes remote state by initiating a new GTmetrix test. This mismatch can mislead users or orchestrators into invoking the skill under a read-only assumption, resulting in unintended actions and resource consumption.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill's top-level description claims a read/search-only scope while the body defines a state-changing `start_test` action. In agentic environments, this kind of semantic mismatch can bypass user expectations and policy gating based on manifest text, causing unintended remote operations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance says to use this skill for 'ANY GTmetrix request,' which is overly broad and may cause the skill to trigger on vague mentions of GTmetrix rather than clear user intent. Because the skill includes a mutating action, broad routing increases the chance of unnecessary or unintended use of connected-account capabilities.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal