App Connectors

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate app-connector helper, but it gives an agent broad power over connected third-party accounts without enough built-in confirmation or scope guidance.

Review before installing. Use it only with a scoped Composio API key, and require your agent to confirm the target app, account, action, recipient or resource, and exact content before sending messages, changing records, disconnecting apps, or running batches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 90% confidence
Finding
The skill instructs the agent to execute external app actions such as sending email and other connector operations, but it does not require explicit user confirmation or warn that data will be transmitted to third-party services and may cause real-world side effects. In an agent context, this increases the risk of unintended outbound actions, misuse of connected accounts, and privacy-impacting operations triggered from ambiguous prompts.

Missing User Warnings

Medium, 88% confidence
Finding
The OAuth connection flow directs the agent to initiate app linking and return redirect URLs without privacy, scope, or account-access warnings. This can cause users to authorize broad third-party access without understanding what permissions are being granted, especially when the agent is acting as an intermediary.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
