SMS Alert

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward SMS Alert connector wrapper with disclosed SMS-sending capability and user-confirmation guidance for state-changing actions.

Install only if you intend to let the agent operate your connected SMS Alert account. Review recipient numbers, message bodies, OTP parameters, and any cost-impacting sends before approving them, and install the oo CLI from the documented OOMOL source if setup is needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The description and trigger guidance say to use this skill for ANY SMS Alert request and instead of calling the API directly, which can cause the agent to invoke the skill too broadly for loosely related SMS tasks. In an agent setting, overly broad routing increases the chance of unintended actions such as sending messages or interacting with the wrong integration without sufficient user intent validation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal