Back to skill

Security audit

OpenStatus

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenStatus connector that can read, create, update, trigger, and delete monitors with stated confirmation requirements for state-changing actions.

Install only if you want your agent to operate your OpenStatus account through OOMOL. Review write and delete prompts carefully, and only connect an OpenStatus API key with the access level you are comfortable granting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description instructs the agent to use this skill for ANY OpenStatus-related task instead of calling the API directly, creating an overly broad trigger surface. This can cause the skill to be invoked in contexts where narrower, more appropriate controls or user confirmations would otherwise apply, increasing the chance of unintended state-changing or destructive operations through the connector.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.