lemlist

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed lemlist read-only connector helper, with no artifact evidence of hidden exfiltration, destructive behavior, or automatic state changes.

Before installing, understand that this skill can read lemlist campaign, lead, and team data through your connected OOMOL account. Use it only in workspaces where that business/contact data is appropriate to expose to the agent, and review any oo CLI setup or connection prompts before completing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The manifest and skill metadata present this skill as limited to searching and reading lemlist data, but the body explicitly instructs the agent to inspect and run arbitrary connector actions and discusses write/destructive operations. This creates a capability mismatch that can mislead users, policy layers, or orchestration logic into treating the skill as read-only when it may actually perform state-changing actions.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger text says to use this skill for ANY lemlist request and instead of calling the API directly, which is overly broad and can cause the skill to be invoked in contexts beyond its narrow documented purpose. Overbroad routing increases the chance of unintended tool use, including executing actions with wider privileges than necessary.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal