Back to skill

Security audit

Forem

Security checks across malware telemetry and agentic risk

Overview

This Forem skill is a coherent connector wrapper for reading and managing Forem content through OOMOL, with write actions disclosed and confirmation required.

Install only if you are comfortable using OOMOL as the intermediary for your Forem account. Read/list actions can be run directly, but review the exact JSON payload before approving article creation or updates, and only run the CLI install or account connection steps when you actually need setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The phrase 'Use this skill for ANY Forem request' is overly broad and can cause the agent to route all Forem-related tasks through this skill without sufficient scoping or least-privilege selection. Because the skill supports write operations and provides setup/install guidance, broad invocation increases the chance of unnecessary execution of powerful tooling in contexts where a narrower read-only flow or direct reasoning would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.