Rollbar

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Rollbar connector skill with disclosed OOMOL setup and no evidence of hidden code, persistence, or destructive behavior.

Install only if you are comfortable using OOMOL's oo CLI and connecting a Rollbar account through OOMOL. The reviewed actions are read-only, but you should still confirm any future connector action before running it if the live schema exposes write or delete behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The manifest and top-level description say the skill is for searching and reading data, but the body explicitly documents create, update, send, post, delete, and remove operations. This mismatch can cause an agent or user to trust the skill as read-only and invoke it in situations where state-changing operations are unexpectedly possible, increasing the risk of unintended modifications in Rollbar.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The phrase 'Use this skill for ANY Rollbar request' is overly broad and can cause the skill to be selected for all Rollbar-related tasks without sufficient qualification. In an agentic setting, broad routing language can increase unnecessary invocation and expose Rollbar data or capabilities in contexts where a narrower, task-specific skill would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal