Back to skill

Security audit

Klipfolio

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Klipfolio connector for reading account-visible assets, with no artifact evidence of hidden writes, exfiltration, persistence, or destructive behavior.

Install this only if you trust OOMOL and want your agent to read Klipfolio assets through your connected account. Review any future version carefully if it adds write or destructive actions, and be cautious with the one-time CLI install/auth steps because they affect your local toolchain and OOMOL session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest says the skill is for 'searching and reading data,' but the body explicitly allows arbitrary connector actions and even discusses [write] and [destructive] operations. This mismatch can cause agents or users to trust the skill as read-only when it may invoke state-changing behavior, increasing the risk of unintended writes if new actions are added or tags are wrong.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The safety section says untagged actions are safe reads, but the execution instructions permit running any action name supplied to the connector after schema inspection. Because there is no enforced allowlist or technical guardrail, a mislabeled, newly added, or maliciously exposed action could be executed as if it were safe, leading to unauthorized state changes.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrase 'Use this skill for ANY Klipfolio request' is overly broad and can cause the agent to route all Klipfolio-related tasks through this skill without considering narrower, safer alternatives or user intent. Overbroad activation increases the blast radius of the other issues in the skill by making it more likely to be invoked in contexts involving sensitive or state-changing operations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.