Back to skill

Security audit

Drivethru Production Scheduler

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Odoo production scheduler, but it gives an agent broad live MCP access to business scheduling data without a tight enforced tool boundary.

Install only if the Odoo MCP token is scoped to the intended scheduling tools and you are comfortable with an agent proposing live production schedule changes. Require explicit confirmation before every write, review the available MCP tools with the operator, and avoid letting informal feedback become permanent scheduling policy unless it is stored in an approved shop configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and relies on sensitive capabilities (`env` secrets and MCP access) but does not declare an explicit permission boundary for what the agent may do with them. In practice, this can cause the runtime or reviewers to under-estimate that the skill can reach a live Odoo endpoint with bearer-token authentication and perform scheduling writes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior is a production scheduler, but the implementation guidance exposes a generic MCP client pattern that can enumerate tools and invoke arbitrary tool names with arbitrary JSON. If the connected MCP server exposes broader operations than the scheduling subset, the agent can be steered into unintended reads or writes well beyond production planning.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is broad enough to trigger the skill on general planning or status-check requests, yet the skill has live write capability against Odoo scheduling data. Over-broad routing increases the chance the agent enters a powerful workflow in situations where the user expected a read-only answer, creating unnecessary exposure to accidental production changes.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
Telling the agent to 'remember' human feedback without defined limits implies persistent behavioral modification outside a controlled policy or memory framework. This can let unverified user instructions shape future scheduling decisions, leading to integrity issues, policy drift, or cross-session contamination of operational behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.