Security audit
Perdoo
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly coherent for managing Perdoo, but it exposes a broad GraphQL action that can run mutations while the safety guidance treats untagged actions as safe reads.
Review this skill carefully before installing if your Perdoo workspace contains sensitive company goals or metrics. It can run broad Perdoo GraphQL operations through OOMOL, including mutations, so users should require explicit confirmation for any execute_graphql mutation or any operation that changes Perdoo data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
