OpenCage

Security checks across malware telemetry and agentic risk

Overview

This OpenCage skill is a small, disclosed geocoding connector that uses the OOMOL `oo` CLI and does not show hidden, destructive, or exfiltrating behavior.

Install this if you want an agent to use OpenCage through OOMOL. Be aware that geocoding queries and coordinates are sent through the OOMOL/OpenCage connector, and only install the `oo` CLI from OOMOL if you trust that toolchain. The publisher should tighten the broad 'any OpenCage request' wording and correct the forward-geocode write-action label.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The skill documentation incorrectly labels a forward geocoding lookup as a write action that changes external state. This can mislead an agent into requesting unnecessary confirmation, avoiding safe read operations, or misclassifying the action’s risk, which undermines reliable security and permission handling.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The instruction to use this skill for ANY OpenCage request is overly broad and can cause the agent to route unrelated or higher-risk OpenCage-adjacent tasks through this skill without sufficient specificity. Broad activation language increases the chance of unintended tool invocation and can bypass more appropriate task-specific validation or user confirmation flows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal