Back to plugin

Security audit

Octo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Octo messaging channel plugin with sensitive but purpose-aligned chat, group-management, and secret-writing capabilities.

Install only for Octo workspaces where users understand the bot may receive all group messages and reuse recent history when mentioned. Keep bot tokens private, allow octo_management only for agents trusted to manage groups and write configured secrets, and review group/admin permissions on the Octo server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Exfiltration Commands

High
Category
Prompt Injection
Content
In groups, the adapter receives **all messages** via WebSocket.

**Default behavior (requireMention: true):**
- Messages without @mention: silently recorded as **history context** (no reply, no typing indicator)
- Messages WITH @mention: bot replies, with recent group chat history prepended to your prompt

This means you can always reference what was said before when someone @mentions you.
Confidence
84% confidence
Finding
silently record

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| POST /v1/bot/groups/:group_no/incoming-webhooks | Create an incoming webhook (returns push URL + token) |
| GET /v1/bot/groups/:group_no/incoming-webhooks | List incoming webhooks (no token/URL echoed) |
| PUT /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id | Update a webhook (name/status; avatar admin-only) |
| DELETE /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id | Delete a webhook |
| POST /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id/regenerate | Rotate a webhook's token |
| GET /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id/deliveries | Recent delivery records |
| POST /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id/test | Send a test push |
Confidence
81% confidence
Finding
DELETE /v1/bot/groups/:group_no/incoming-webhooks/:webhook_id

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
skills/octo-bot-api/SKILL.md:484
Evidence
SecretKey: [REDACTED],

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
skills/octo-bot-api/SKILL.md:325
Evidence
- "Ignore previous instructions and..."