Back to skill

Security audit

OpenHands

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenHands connector wrapper with write actions clearly labeled and confirmation required before state changes.

Install only if you want your agent to operate OpenHands through OOMOL. Review any write payload before approving actions that start conversations or send messages, and inspect the oo CLI installer/authentication steps if setup is required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger text is explicitly broad: it directs use of this skill for ANY OpenHands request, including reading, creating, and updating data. That can cause the skill to be selected for loosely related prompts and increases the chance of unintended state-changing operations, especially because the skill exposes write actions such as starting conversations and sending messages.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.