ClawHub

Omni Tool

Security checks across malware telemetry and agentic risk

Overview

This is an offline local logging tool that stores typed entries in plaintext, with no evidence of network use or credential access, though its bookmark/Chrome metadata is misleading.

Install only if you want a local plaintext activity logger. Do not enter passwords, tokens, private customer data, or sensitive operational details, and be aware the marketplace description appears to overstate Chrome/bookmark functionality that is not present in the reviewed artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The script's stated behavior does not match the skill metadata: it presents as a Chrome/bookmarks productivity tool but implements a generic local logging utility. This kind of deceptive mismatch is dangerous because users may grant trust or provide sensitive browser-related input under false assumptions, increasing the chance of covert data collection.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
Commands such as run, check, analyze, generate, and report imply active processing, but they only append user-provided input to persistent log files. This is risky because users may enter secrets, URLs, tokens, or sensitive working data expecting processing rather than retention, resulting in silent local data accumulation.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill is described in very broad terms as an all-in-one utility with many generic commands like run, check, analyze, and generate, without clear invocation boundaries or safety constraints. In agent settings, vague triggering criteria can cause over-broad activation on unrelated user requests, leading to accidental logging of sensitive prompts or misuse of commands in contexts where persistence was not expected.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states that all data is stored locally in plain-text logs, appended to history, and exportable in multiple formats, but it does not present a prominent user warning about persistence or sensitivity. This is dangerous because users may enter secrets, operational details, or personal data into commands assuming transient processing, only to have that data retained in cleartext and easily discoverable through search or export features.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script writes arbitrary user input directly into persistent files under ~/.local/share/omni-tool without prior disclosure in the help text. In the context of a misleadingly described productivity/bookmarks tool, this increases the likelihood that users will unknowingly store confidential information that can later be read by other local processes or users with access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The export function aggregates all previously stored log data into new JSON, CSV, or TXT files without warning that historical user input will be materialized into a separate export artifact. This broadens exposure by creating additional copies of potentially sensitive data in predictable locations and formats, making accidental disclosure easier.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal