Back to skill

Security audit

Trent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Trent connector wrapper that can send chat messages through OOMOL, with no evidence of hidden or unrelated behavior.

Install only if you intend to use Trent through an OOMOL-connected account. Treat sent chat messages as state-changing and confirm the exact message and target before allowing the action; review OOMOL connection and billing setup separately if prompted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description says to use this skill for ANY Trent request and instead of calling the API directly, which is an overly broad routing trigger. That can cause the agent to invoke a state-changing connector in situations where a narrower skill or safer read-only path would have been more appropriate, increasing the chance of unintended data access or writes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.