Back to skill

Security audit

Geckoboard

Security checks across malware telemetry and agentic risk

Overview

This Geckoboard skill is mostly coherent, but one data-changing action is presented as untagged even though the safety guidance says untagged actions are safe to run directly.

Review before installing if your Geckoboard datasets contain important operational or business data. Treat `append_dataset_data` as a write action and require explicit confirmation of the dataset, records, and update behavior before running it. Also review the external `oo` CLI setup and OOMOL account connection requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill’s safety section says untagged actions are read-only, but the listed untagged action `append_dataset_data` explicitly appends and updates records. This can cause the agent to execute state-changing operations without the confirmation normally required for writes, increasing the risk of unintended data modification in the user’s Geckoboard account.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The instruction to use this skill for ANY Geckoboard request creates overly broad routing with weak scope boundaries. In practice, this can cause an agent to invoke powerful read/write/destructive capabilities by default even when a narrower, safer path or additional user confirmation would be more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.