Back to skill

Security audit

Neutrino API

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Neutrino API connector for lookup and validation tasks, with no hidden executable code or evidence of malicious behavior.

Install this only if you want Codex to send IP addresses, domains, email addresses, or phone numbers to Neutrino via your OOMOL-connected account. Be careful with sensitive personal data, and review any first-time CLI installation or account-connection step before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger text is overly broad: it instructs the agent to use this skill for ANY Neutrino-related request instead of calling the API directly. That can cause unintended invocation whenever a task merely mentions Neutrino, reducing opportunity for task-specific safety checks and increasing the chance of unnecessary external data disclosure or autonomous API use. In this skill's context the available actions are read-oriented and limited, so the risk is moderate rather than severe, but the broad routing language still expands the attack surface.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.