Back to skill

Security audit

Featurebase

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Featurebase connector wrapper with clear read/write/delete labeling and confirmation rules for state-changing actions.

Install only if you trust OOMOL and want Codex to operate your Featurebase account through the `oo` CLI. Review payloads before approving create, update, upsert, or delete actions, and be especially careful with contact and post deletion because those actions affect live Featurebase data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The skill is explicitly scoped to be used for ANY Featurebase request, which can cause overly broad invocation and route unrelated or higher-risk operations through this skill by default. In an agentic environment, broad trigger language increases the chance of unintended execution paths, including state-changing or destructive connector actions, especially when paired with a tool that can perform writes and deletes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.