HalaOS HR Copilot

Security checks across malware telemetry and agentic risk

Overview

This is a plausible HR copilot, but it can expose or change sensitive employee, payroll, leave, attendance, and workforce-risk data in response to broad natural-language prompts, and its documentation describes few safety controls.

Install only if you are authorized to handle your organization's HR data and trust the HalaOS service and MCP server source. Use the narrowest API key available, avoid admin credentials for routine questions, and require explicit confirmation before payroll runs, approvals, attendance changes, government-form generation, flight-risk reviews, or org-wide employee data access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 95%
Finding
The README documents broad access to highly sensitive HR data and high-impact actions such as payroll runs, approvals, attendance events, employee directory access, and risk analytics, but it does not clearly warn users about privacy, authorization scope, or the consequences of invoking these operations. In an HR context, this is especially dangerous because the data includes payroll, health-related leave context, employee records, and behavioral risk signals, and the actions can materially affect employees and compliance obligations if used without explicit safeguards.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger for a morning briefing is broad enough to fire on casual greetings like 'good morning,' which can cause the agent to automatically invoke sensitive HR tools and surface operational data without a clearly scoped user request. In an HR context, unintended retrieval of attendance, leave, and compliance information increases privacy and least-privilege risk.

Vague Triggers

Medium
Confidence: 81%
Finding
The leave-management trigger is loosely defined and can lead the agent to enumerate pending leave requests and even all employee leave balances once the topic of leave arises. In an HR system, that can expose sensitive employee absence information beyond the minimum needed for the user's actual request.

Vague Triggers

Medium
Confidence: 76%
Finding
A broad payroll trigger may activate on general conversation about salary or deductions and cause the agent to fetch payslips or payroll cycles without a precise, authorized request. Payroll data is highly sensitive, so accidental retrieval materially raises confidentiality concerns.

Vague Triggers

Medium
Confidence: 83%
Finding
Triggering employee lookup based merely on mention of a person's name is risky because ordinary conversation may cause the agent to search personnel records and reveal department, role, tenure, or leave details. In an HR assistant, employee profile data is sensitive and should only be accessed under explicit user intent and proper authorization.

Vague Triggers

Medium
Confidence: 74%
Finding
The end-of-day summary trigger uses vague phrases that can unintentionally launch broad analytics calls including flight-risk and compliance alerts. Because those outputs may contain sensitive workforce assessments and restricted compliance issues, accidental activation could disclose high-value internal information.

VirusTotal

64/64 vendors flagged this skill as clean.