Back to skill

Security audit

Manatal

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal Manatal integration, with the main caveat that users should explicitly approve any create or update actions.

Install only if you intend to let the agent work with Manatal. Use a limited-scope Manatal API token where possible, review candidate/job/company changes before they are submitted, and give explicit confirmation for create, update, or delete-like actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is explicitly broad: it instructs use of this skill for ANY Manatal request, including reading, creating, and updating data. That can cause the agent to invoke a state-changing integration too readily, increasing the chance of unintended writes or overuse in cases where a narrower or read-only path would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.