MoonClerk

Security checks across malware telemetry and agentic risk

Overview

This MoonClerk skill is a disclosed OOMOL connector helper for reading customers, forms, and payments, with some wording that users should treat carefully but no evidence of hidden or malicious behavior.

Install only if you intend to let an agent read MoonClerk customer, form, and payment data through OOMOL. Treat any create, update, send, post, delete, billing, or setup request as requiring explicit user approval, and be cautious with the fallback CLI install command because it runs a remote installer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest and description position the skill as only for searching and reading data, but the body provides generic guidance for running arbitrary connector actions, including mutating and destructive ones. This creates a scope mismatch that can mislead an agent or user into granting broader operational authority than the metadata suggests, increasing the chance of unintended state-changing requests.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrase says to use this skill for ANY MoonClerk request, which is overly broad and can cause the skill to be invoked even when a narrower or safer path would be more appropriate. Overbroad routing increases the risk of accidental data access, over-collection, or execution in contexts the skill was not designed to handle.

VirusTotal

62/62 vendors flagged this skill as clean.
