RocketReach

Security checks across malware telemetry and agentic risk

Overview

This RocketReach skill is a disclosed OOMOL connector for searching and reading RocketReach data, with a notable but optional CLI installer risk.

Install this only if you are comfortable using OOMOL as the bridge to your RocketReach account. Prefer reviewing the oo CLI installer source or using a trusted manual install path before running the remote installer commands, and be mindful that RocketReach lookups may expose business contact/profile data from your connected account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill includes a first-time setup path that instructs the agent to install the oo CLI by piping a remotely fetched script directly into a shell. This creates a software supply-chain and arbitrary code execution risk unrelated to the core RocketReach read/search functionality, because a compromised install endpoint or MITM could cause execution of attacker-controlled code on the host.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal