Back to skill

Security audit

Jamie

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Jamie read-only connector wrapper with expected access to meeting data through the OOMOL CLI.

Install this only if you want your agent to read Jamie meeting data through an OOMOL-connected account. Meeting transcripts, summaries, tasks, and tags can be sensitive, so use it in workspaces where that data access is acceptable and review any future version that adds write or destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The description says to use this skill for "ANY Jamie request" and "instead of calling the API directly," which creates an overly broad routing rule. That can cause an agent to invoke this skill for all Jamie-related tasks without checking whether the request is appropriate, least-privileged, or better handled by a narrower mechanism, increasing the chance of unintended data access or overuse of connector-backed operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.