Pp Olx

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OLX job-listings CLI wrapper, with optional output delivery and feedback features that users should enable only deliberately.

Install only if you trust the external olx-pp-cli installer. Use the skill for public OLX data, avoid webhook delivery unless you chose and trust the URL, and check local feedback or saved profiles if you do not want agent notes or repeated flag values retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill is presented as a public, no-auth OLX API client, but it also documents a generic output delivery feature that can write results to arbitrary files or POST them to arbitrary webhook URLs. That materially expands the trust boundary from local API querying into data exfiltration and filesystem side effects, which is dangerous in an agent context because the agent may follow the skill's instructions without the user realizing outputs can be redirected elsewhere.

Description-Behavior Mismatch

Medium, 84% confidence
Finding
The skill claims no-auth OLX API usage, but it also includes local feedback persistence and optional transmission to an endpoint via environment variable plus flags. Even if default behavior is local-only, this introduces unexpected data retention and a latent outbound channel that could disclose prompts, API responses, or operator notes if enabled in the environment.

Context-Inappropriate Capability

Medium, 90% confidence
Finding
Arbitrary webhook delivery is not necessary for a job-listings API client and creates an unjustified outbound communication capability. In an agent setting, that can be abused to exfiltrate retrieved data, local-store contents, or derived outputs to attacker-controlled infrastructure under the guise of normal command execution.

Missing User Warnings

Medium, 94% confidence
Finding
The webhook sink can send command output to any URL, yet the skill text does not provide an explicit privacy or disclosure warning proportionate to that risk. Because command output may include API data, local-store results, or user-supplied content, silent or under-warned remote transmission is a meaningful data leakage hazard.

VirusTotal

64/64 vendors flagged this skill as clean.
