Back to skill

Security audit

UnifAPI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed UnifAPI connector wrapper with broad but expected external data access; the main caution is broad invocation wording and some unclear write labels.

Install only if you intend to let the agent operate UnifAPI through your OOMOL account. Review requested actions and payloads carefully, especially anything tagged [write], and be aware that first-time setup may install the oo CLI and connect your UnifAPI credentials through OOMOL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill’s safety model tells the agent to treat only actions tagged [write] as state-changing, but the action list applies [write] to endpoints whose descriptions look read-only. This inconsistency undermines reliable consent and safety gating: an agent may either over-confirm harmless actions or, worse, learn that the tags are unreliable and make unsafe assumptions about truly state-changing endpoints.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file states that untagged actions are reads and [write] actions change state, yet several comment-listing endpoints are marked [write] while described as read operations. That mismatch can cause incorrect approval flows and weakens operator trust in the labeling system that is supposed to prevent unintended mutations.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
Conflicting [write] tags on Reddit and TikTok comment-reading actions create the same unsafe ambiguity in a different section of the action catalog. In a skill that brokers external service operations, ambiguous safety labeling can lead to unnecessary user prompts, suppressed prompts after habituation, or accidental execution of genuinely mutating actions without the intended scrutiny.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says to use this skill for ANY UnifAPI request and instead of calling the API directly, which is an overly broad routing trigger. Broad invocation language can cause the skill to be selected for many ordinary tasks touching UnifAPI, expanding exposure to its large action surface and making any documentation or consent defect more reachable.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.