Back to skill

Security audit

Plasmic

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a Plasmic read-only connector helper, with some broad wording users should understand before use.

Install only if you intend to use OOMOL's oo CLI with a connected Plasmic account. Treat it as appropriate for listing and counting Plasmic CMS items; for edits, deletes, or broader Plasmic administration, require explicit user confirmation and verify the live connector action schema first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest and description constrain the skill to 'searching and reading data,' but the body provides a generic procedure to inspect and invoke arbitrary connector actions via `oo connector schema` and `oo connector run`. That mismatch can cause an agent or user to trust the skill as read-only while still enabling undisclosed write or destructive operations if the connector exposes them, weakening policy enforcement and increasing the chance of unsafe state changes.

Intent-Code Divergence

Low
Confidence
79% confidence
Finding
The safety section implies that write/destructive actions will be clearly tagged, but the skill also teaches a generic mechanism for running any action discovered from the live schema. This creates a documentation-driven trust gap: an agent may assume unlisted or untagged actions are safe reads even though the generic invocation path could reach mutating actions not reflected in the static action list.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrase says to use this skill for 'ANY Plasmic request,' which is broader than the declared read/search purpose and can route unrelated or higher-risk Plasmic tasks through this skill by default. In context, that broad routing becomes more dangerous because the skill also documents generic connector execution, potentially expanding use beyond intended safe read operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.