V2EX

Security checks across malware telemetry and agentic risk

Overview

This V2EX skill is a disclosed OOMOL connector wrapper for reading and changing V2EX account data, with no evidence of hidden or unrelated behavior.

Before installing, understand that this skill can act on your connected V2EX account, including public visibility changes and token creation. Confirm the exact topic, notification, or token action before allowing write or delete operations, and only use it if you trust the OOMOL CLI/connector setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 94%
Finding
The action documentation states that it will 'boost' an authenticated member's topic to the homepage, but it does not clearly warn that this is a state-changing public action with visibility and possible credit/usage consequences. In an agent setting, missing warnings increase the risk of unintended execution, especially because the skill is positioned as the default path for any V2EX request and could be invoked without explicit user confirmation for a public-facing change.

VirusTotal

63/63 vendors flagged this skill as clean.
