Back to skill

Security audit

7shifts

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed 7shifts connector helper that is limited in its artifact to read-oriented actions, with setup and credential use explained.

Before installing, be aware that the skill can read 7shifts data available to your connected OOMOL account. Use it for the listed read actions, and require explicit confirmation before allowing any future connector action that creates, changes, deletes, or overwrites 7shifts data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The manifest promises the skill is only for 'searching and reading data,' but the body text describes support for state-changing actions and gives operational guidance for running arbitrary connector actions. That mismatch can mislead an agent or reviewer into applying this skill in contexts assumed to be read-only, weakening safety controls around write-capable integrations.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The document states that actions with [write] or [destructive] tags exist, but the actual action list contains only read operations. This inconsistency creates ambiguity about the real connector surface and may cause downstream systems or operators to assume hidden mutating actions are available or safe to invoke via the generic 'inspect schema then run action' flow.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger scope is overly broad: it instructs the agent to use this skill for ANY 7shifts request instead of narrower, purpose-limited tasks. Broad routing increases the chance the skill is selected for actions outside its safely documented scope, especially when paired with generic connector execution instructions that could be adapted to unsupported or sensitive operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.