OneDrive

Security checks across malware telemetry and agentic risk

Overview

This OneDrive skill is a disclosed OOMOL connector for reading and changing OneDrive data, with one privacy note around downloaded files being staged in transit storage.

Install only if you are comfortable using OOMOL's oo connector with your OneDrive account. Be especially careful downloading sensitive files, because download actions stage the file in transit storage; confirm where that data is stored, who can access it, and how long it is retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly states that a OneDrive file will be downloaded and then uploaded to transit storage, but it provides no warning that data is being copied to another storage location or that sensitive content may leave its original trust boundary. This can cause unintended disclosure of private or regulated data, especially if users assume the action only reads directly from OneDrive rather than staging a copy elsewhere.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal