Back to skill

Security audit

Mindbody

Security checks across malware telemetry and agentic risk

Overview

This skill is a small Mindbody connector guide that appears focused on reading business-directory data through the OOMOL CLI, with no artifact-backed evidence of hidden or destructive behavior.

Install this only if you are comfortable using OOMOL's `oo` CLI with your connected Mindbody account. Keep use limited to the documented `list_businesses` read action unless a future version explicitly documents additional actions and their effects; review any CLI install or login step before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest promises the skill is only for 'searching and reading data', but the body explicitly authorizes running any Mindbody action and even discusses write and destructive operations. That mismatch can cause an upstream agent or reviewer to trust the skill as read-only when it is actually capable of mutating external state, increasing the chance of unsafe automation or unintended data changes.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The documentation says untagged actions are reads and 'safe to run directly', but the skill only lists one action while also instructing the agent to discover and run arbitrary live actions via schema lookup. This creates a trust gap where newly exposed or undocumented connector actions could be executed without proper review, including potentially sensitive reads or writes mislabeled by omission.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition says to use this skill for ANY Mindbody request and instead of calling the API directly, which is overly broad for a connector that can potentially access account-linked business data and perform arbitrary actions. Broad routing increases the likelihood that unrelated, high-risk, or insufficiently reviewed tasks get funneled into this skill automatically without narrower scoping or policy gating.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.