Back to skill

Security audit

Parallel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Parallel connector helper with normal account setup and clear confirmation rules for state-changing actions.

Install this only if you intend to use OOMOL's oo CLI with a connected Parallel account. Review payloads before approving create_task_run or any future write/destructive connector action, and be aware that first-time setup may require installing the oo CLI and signing in to OOMOL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger language is overly broad because it instructs use of this skill for 'ANY Parallel request,' which can cause the agent to route a wide range of user intents through a connector-capable skill without sufficient narrowing by task type or risk. In context, this matters because the skill supports both read and write actions, so broad invocation increases the chance of unnecessary tool use, accidental state changes, or bypass of more context-appropriate handling.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.