Back to skill

Security audit

Snipe-IT

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-focused Snipe-IT connector wrapper with limited local tool access and no artifact-backed malicious behavior.

Install this if you want Codex to read Snipe-IT inventory data through OOMOL. Be aware that it may expose asset and user records from your connected Snipe-IT account to the agent session, and only approve future write or destructive connector actions if you clearly understand the target and payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest and description constrain the skill to 'searching and reading data', but the body generalizes execution to any Snipe-IT action and includes guidance for write/destructive operations. This mismatch can cause downstream agents or users to invoke the skill under the false assumption that it is read-only, increasing the risk of unintended state changes in an asset-management system.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The safety section discusses write and destructive actions, but the listed actions are all reads and the skill still teaches a generic pattern for running any connector action. That inconsistency weakens operator understanding of the actual trust boundary and could enable future or undocumented state-changing actions to be run without the stronger safeguards implied by the top-level description.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger text says to use this skill for 'ANY Snipe-IT request' and 'instead of calling the API directly,' which is overly broad and encourages automatic invocation for all Snipe-IT-related tasks. In context, that broad routing combines with generic action-execution instructions, making it easier for an agent to use this skill in situations beyond safe read/search workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.