Back to skill

Security audit

Measure

Security checks across malware telemetry and agentic risk

Overview

This skill is a Measure billing connector that discloses its read and write capabilities and limits tool use to the OOMOL CLI.

Install only if you intend to let the agent access your Measure billing data through OOMOL. Review any proposed create or update payload before approving it, and only run the oo CLI installer or account connection steps if you trust OOMOL and need this integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger text instructs the agent to use this skill for 'ANY Measure request' and 'instead of calling the API directly,' which is overly broad and can cause the skill to be invoked for a wide range of Measure-related tasks without sufficient task-level scoping. In an agent setting, broad routing language increases the chance of unintended use of read/write capabilities and can bypass more precise tool selection or policy checks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.