Back to skill

Security audit

Perdoo

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for managing Perdoo, but it exposes a broad GraphQL action that can run mutations while the safety guidance treats untagged actions as safe reads.

Review this skill carefully before installing if your Perdoo workspace contains sensitive company goals or metrics. It can run broad Perdoo GraphQL operations through OOMOL, including mutations, so users should require explicit confirmation for any execute_graphql mutation or any operation that changes Perdoo data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.