Security audit

Salesflare

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Salesflare connector skill that can read and update CRM records through OOMOL, with write actions labeled and confirmation guidance included.

Install this only if you want the agent to access Salesflare through OOMOL. Expect read actions to run directly and create/update actions to require your confirmation of the exact payload and effect. Review the OOMOL CLI and Salesflare connection setup because your CRM access is mediated through that account connection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The description explicitly says to use this skill for ANY Salesflare request and instead of calling the API directly, which creates an overly broad routing trigger. That can cause the agent to invoke this skill for vague or incidental Salesflare mentions, increasing the chance of unintended data access or write-capable operations being selected in contexts where a narrower tool or additional user confirmation would be safer.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal