Back to skill

Security audit

Quipteams

Security checks across malware telemetry and agentic risk

Overview

This is a read-oriented Quipteams connector skill with disclosed business-data access and no evidence of hidden, destructive, or deceptive behavior.

Install only if you trust OOMOL and intend to let the agent read Quipteams business data through your connected account. Be especially careful with employee HRIS metadata, quote recipients, comments, and inventory records, and ask the agent for the minimum records needed for each task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill explicitly says to use it for ANY Quipteams request, which creates an overly broad trigger scope and can cause the agent to route all Quipteams-related tasks through this skill without enough task-specific scrutiny. Because the skill can retrieve potentially sensitive business and employee data, this broad matching increases the chance of unnecessary data access or use in contexts where a narrower, purpose-limited skill would be safer.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The action list states that get_employee retrieves employee data including HRIS metadata, but the skill does not warn that this may contain sensitive personal or employment information. Without a privacy warning or minimization guidance, an agent may fetch or expose HR-related data more broadly than necessary, increasing privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.