xAI

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward xAI connector skill that uses OOMOL's `oo` CLI with disclosed credentials and action-safety guidance, with no hidden code or persistence.

Install this only if you intend to use OOMOL as a connector layer for xAI and are comfortable linking your xAI API key to OOMOL. Confirm payloads before chat-completion calls because they may consume API credits, and avoid running first-time setup commands unless the CLI or account connection is actually missing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description says to use this skill for ANY xAI request, including reading, creating, and updating data, which is broad enough to trigger invocation for almost any mention of xAI. Overly broad routing increases the chance the agent will invoke this skill in unintended contexts, potentially causing unnecessary connector access or writes when a narrower tool or direct reasoning would be safer.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal