Back to skill

Security audit

Crunchbase

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Crunchbase read connector that uses the OOMOL oo CLI and does not contain hidden code, persistence, or destructive behavior.

Install this if you want your agent to use OOMOL's oo CLI for Crunchbase lookups. Before first use, confirm you trust OOMOL and the oo CLI installer, and only connect a Crunchbase account you are comfortable using through that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger text is overly broad because it directs the agent to use this skill for ANY Crunchbase-related request, which can cause unintended invocation even when a narrower or safer handling path would be more appropriate. In an agentic environment, broad routing rules increase the chance of unnecessary external data access and reduce operator control over when the connector is used.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.