Back to skill

Security audit

Streak

Security checks across malware telemetry and agentic risk

Overview

This Streak skill is a disclosed, read-oriented OOMOL connector wrapper with no artifact-backed malicious behavior.

Before installing, understand that this gives your agent read access to Streak data visible to your connected OOMOL account. Only connect the Streak account you intend to use, and treat the remote oo CLI install step as a normal third-party setup step that should be run only if you trust OOMOL and need the CLI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase instructs the agent to use this skill for ANY Streak-related request, which is broader than the skill's actual documented capability of searching and reading data. Overly broad routing can cause the agent to invoke the skill in inappropriate contexts, potentially bypassing finer-grained tool selection or leading to unintended data access through an external connector.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.