v0

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed v0/OOMOL connector skill that can read and modify v0 workspace data, with no evidence of hidden or malicious behavior.

Install this only if you want Codex to operate your connected v0 workspace through OOMOL. Review any proposed payload before approving state-changing actions, especially deletes, environment-variable changes, webhooks, deployments, project visibility, and Vercel linking.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description says to use this skill for ANY v0 request, including reading, creating, updating, and deleting data. That broad trigger can cause the agent to invoke a highly privileged integration in situations where a narrower or safer path would be more appropriate, increasing the chance of unintended state-changing or destructive operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal