Back to skill

Security audit

Gift Up

Security checks across malware telemetry and agentic risk

Overview

This Gift Up skill appears purpose-built, but it can change gift-card balances or status and its safety labels do not reliably require confirmation for those actions.

Install only if you are comfortable with an agent operating your connected Gift Up account through OOMOL. Before allowing use, require explicit confirmation for every redeem, redeem-in-full, top-up, undo redemption, void, or reactivate action, and do not rely on the current `[write]` tags as complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The skill labels `get_order` as a `[write]` action even though its description says it only retrieves data. Misclassifying a read as a write can distort approval logic and user/operator expectations, causing unnecessary confirmations or, more importantly, reducing trust in the tagging system that is supposed to distinguish safe reads from state-changing operations.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest description says to use this skill for 'ANY Gift Up request' and 'instead of calling the API directly,' which is an overly broad routing trigger. Broad invocation language can cause the agent to select this skill in situations that need tighter scoping, additional safeguards, or direct API logic with more explicit validation, increasing the chance of unintended access or state changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Several state-changing actions such as redeeming, topping up, voiding, reactivating, and undoing redemptions are listed without consistent `[write]` or `[destructive]` tags, while the safety section instructs the agent to rely on those tags before executing. This creates a direct path for unsafe automation: the agent may treat mutation actions as safe reads and execute financially or operationally significant changes without the intended confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.