Omi Me

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Omi.me CLI integration, but it has credential-handling and endpoint-scoping flaws that could expose a user’s Omi API token or affect live account data.

Review before installing. Do not use a real Omi API token until the API_URL versus OMI_API_URL bug is fixed. If testing anyway, clear any API_URL environment variable, use a limited or disposable token, run chmod 600 on ~/.config/omi-me/token, avoid omi-token.sh get in logged or shared terminals, and be careful with delete/update commands because they operate on live Omi.me data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 99%
Finding:
The script initializes and documents the base URL as OMI_API_URL, but the actual curl call uses API_URL instead. This means requests may fail unexpectedly or, if API_URL is set in the environment by another process, sensitive memory, task, and conversation data plus the bearer token could be sent to an unintended host.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The script provides a `get` command that prints the raw API token directly to stdout. This increases the chance of credential exposure through terminal history, shell logging, process capture, copied output, or accidental inclusion in other tooling, and is not necessary for normal integration behavior.

Context-Inappropriate Capability

Severity: Low
Confidence: 88%
Finding:
The help/default text encourages plaintext secret handling by telling users to manually write the token into a file. While the file is later protected with mode 600 in the scripted path, encouraging ad hoc plaintext handling increases the chance of unsafe storage, shell history leakage, and user mishandling of sensitive credentials.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The script copies the OMI_API_TOKEN environment variable into a plaintext file under $HOME/.config/omi-me/token without setting restrictive permissions. Secrets stored this way may be exposed to other local users, backup systems, support tooling, or later mishandling by other scripts, increasing the chance of credential compromise. In a skill specifically designed to access memories, tasks, and conversations, token theft could grant broad access to sensitive user data and API actions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The documentation explicitly promotes `omi-token.sh get` to print the current API token, which can expose credentials to terminal history, screen sharing, logs, or other local observers. Since this is an API token for a remote service, disclosure could allow unauthorized access to the user's Omi.me data and actions.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
Printing the stored API token to stdout exposes a live credential without any warning or masking. In agent or automation contexts, stdout is often captured by logs or upstream systems, making this materially more dangerous than a local-only secret read.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
    local endpoint="$2"
    local data="$3"

    curl -s -X "$method" \
        -H "Authorization: Bearer $OMI_API_TOKEN" \
        -H "Content-Type: application/json" \
        "${API_URL}/$endpoint" \
Confidence: 91%
Finding:
    curl -s -X "$method" \
        -H "Authorization: Bearer $OMI_API_TOKEN" \
        -H "Content-Type: application/json" \
        "${API_URL}/$endpoint" \
        ${data:+-d

VirusTotal

57/57 vendors flagged this skill as clean.
