Back to skill

Security audit

Aircall

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Aircall connector helper that is coherent with its stated purpose and shows no evidence of hidden, destructive, or deceptive behavior.

Before installing, make sure you are comfortable routing Aircall read requests through OOMOL's `oo` connector and exposing Aircall call, contact, number, team, and user data to that connected workflow. For write or admin Aircall tasks, do not assume this skill supports them unless a future version clearly lists and scopes those actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger scope is overly broad: instructing an agent to use this skill for 'ANY Aircall request' can cause it to route unrelated or higher-risk Aircall tasks through a skill whose documented behavior and safeguards are incomplete. In an agentic environment, broad routing language increases the chance of misuse, accidental overreach, or inappropriate reliance on this skill for actions it was not designed to handle.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.