Back to skill

Security audit

Skio

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Skio read/export connector that uses OOMOL's oo CLI and does not show hidden, destructive, or deceptive behavior.

Install this only if you want your agent to read Skio business data through an OOMOL-connected account. Review any oo CLI installation step before running it, and require explicit confirmation before any future Skio action that is labeled write or destructive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The manifest and description position the skill as a read/search interface, but the body instructs the agent to inspect and invoke arbitrary connector actions and discusses write/destructive operations. This creates a capability/expectation mismatch that can cause an agent or user to trust the skill as read-only when the underlying connector may expose state-changing actions, increasing the risk of unintended modification if the action list later expands or is misread.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger language says to use this skill for ANY Skio request, which is overly broad and can cause automatic invocation in situations where a narrower or safer path would be preferable. Broad routing increases the chance of unintended data access, unnecessary connector use, or future misuse if the skill gains additional actions beyond simple reads.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.