Security audit

Make

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Make.com connector that can read account and scenario information and perform scenario operations through OOMOL's CLI.

Install only if you are comfortable letting agents use your OOMOL-connected Make account. Review scenario activation, deactivation, and one-time run requests carefully, because Make scenarios can trigger downstream actions in other services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description instructs the agent to use this skill for ANY Make-related request, creating an overly broad routing rule that can bypass more specific safeguards or narrower-purpose skills. Because this connector includes both read and state-changing actions, broad auto-selection increases the chance of unintended activation, deactivation, or scenario execution in contexts where the user did not explicitly intend operational changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal