Typefully

Security checks across malware telemetry and agentic risk

Overview

This Typefully skill is a disclosed connector wrapper for reading and managing drafts, with one documentation inconsistency that should be fixed but does not show hidden or malicious behavior.

Before installing, confirm you trust OOMOL and are comfortable connecting a Typefully API key. Use extra care with create, update, and delete draft actions, and treat the `get_social_set` write warning as a documentation issue that should be corrected.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The document presents `get_social_set` as a read/retrieval action, but later warns that it is a write action that changes state. This inconsistency can mislead an agent or operator into executing the action under read-only assumptions, increasing the risk of unintended modifications or deletions in the user's Typefully account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal