NASA

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed NASA data lookup connector with no evidence of hidden, destructive, or unrelated behavior.

Install this if you want Codex to query NASA data through OOMOL. Review the OOMOL connection and CLI installer before first use, and prefer invoking it for specific NASA data lookups rather than every NASA-related question.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger text is overly broad: it directs the agent to use this skill for ANY NASA-related request instead of limiting invocation to tasks that actually require the connector. That can cause unintended routing, unnecessary tool use, and increased exposure to downstream risky instructions such as shell commands or setup steps when a simpler direct response would suffice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal