Back to skill

Security audit

Statista

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Statista connector wrapper that uses OOMOL's `oo` CLI for read-only Statista searches and retrievals.

Install this if you are comfortable using OOMOL's `oo` CLI and sending Statista-related searches or IDs through the OOMOL/Statista connector. Review the first-time setup before running any installer or login command, and confirm any future action if new write or destructive Statista operations are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger instruction is excessively broad: 'Use this skill for ANY Statista request' can cause automatic invocation whenever Statista is merely mentioned, even if the user's intent is informational, comparative, or better served by another tool. This can lead to unnecessary tool execution, reduced user control, and accidental exposure of user queries to the connected third-party service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.