Back to skill

Security audit

GoSquared

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GoSquared analytics connector that uses the OOMOL oo CLI for read-oriented actions and does not show hidden or destructive behavior.

Install only if you trust OOMOL as the intermediary for your GoSquared connection. Expect the skill to read analytics and authorization metadata from the connected GoSquared project, and review any future version carefully if it adds write or destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text directs the agent to use this skill for any GoSquared-related request without narrowing scope by task type, sensitivity, or operation class. While this particular skill only exposes read-oriented actions in the listed actions, the broad routing language can still cause over-selection of the skill, reduce user/control-plane choice, and become riskier if the skill later gains write-capable actions or if action metadata is inaccurate.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.