Back to skill

Security audit

Runscope

Security checks across malware telemetry and agentic risk

Overview

This is a small, disclosed Runscope connector skill that reads Runscope monitoring data through the OOMOL oo CLI, with no hidden files or write actions in the artifact.

Install this only if you are comfortable letting your agent read Runscope account and monitoring data through your OOMOL-connected Runscope account. If the oo CLI is not already installed, review the remote installer before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is extremely broad: it instructs use of this skill for ANY Runscope-related request, which can cause the agent to invoke it even when a narrower or safer path would be more appropriate. Over-broad routing increases the chance of unintended tool use, unnecessary data exposure from connected accounts, and bypass of more context-specific safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.