Back to skill

Security audit

Circle

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Circle connector wrapper with no hidden files or malware signals, but users should review its CLI setup command and confirm any state-changing Circle action.

Install only if you want an agent to access your Circle account through OOMOL. Review the oo CLI installer before running it, connect only the Circle account and scopes you intend to use, and require explicit confirmation before any action that creates, updates, deletes, or publishes Circle content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The action list labels `get_post` as `[write]` even though its name and description indicate a read operation. Misclassifying a read as a write breaks the skill's own safety model and can train downstream agents or users to distrust or mis-handle action tags, which is dangerous because these tags are supposed to gate confirmation behavior around state-changing operations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description says to use this skill for "ANY Circle request" and "instead of calling the API directly," which is an overly broad trigger that can force invocation outside appropriate scope. In an agentic environment, such broad routing language can cause unnecessary or unsafe tool use, bypass narrower policy checks, and expand the blast radius of mistakes because the skill handles both reads and writes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The first-time setup recommends piping a remote install script directly into `bash` or PowerShell without an explicit security warning or safer verification path. This is dangerous because it normalizes arbitrary remote code execution in the user's shell; if the install endpoint is compromised, intercepted, or spoofed, the user could execute attacker-controlled code with their local privileges.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.