Security audit

Bookingmood

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Bookingmood read/search connector helper with no evidence of hidden, destructive, or unrelated behavior.

Install only if you want an agent to read Bookingmood bookings, products, and availability through your OOMOL-connected account. Review the oo CLI installation and OOMOL connection steps before first use, and prefer explicit Bookingmood data requests rather than general advice prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger text is overly broad because it instructs the agent to use this skill for any Bookingmood-related task, regardless of whether a more appropriate, narrower, or safer path exists. This can cause unnecessary delegation to a shell-capable skill and increase attack surface, especially if future changes add write-capable actions or if users intend only general advice rather than connector access.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal