ClawHub

Omi Integration

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it handles very sensitive voice data with weak defaults and misleading credential-security wording, so it needs careful review before use.

Install only if you are comfortable storing Omi recordings and transcripts on this machine. Set a strong OMI_WEBHOOK_SECRET before exposing any webhook, avoid public ngrok exposure unless needed, protect or encrypt the storage directory, rotate the API key if exposed, and treat the documentation's encryption claim as inaccurate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents use of shell commands, network access, and local credential storage, but it does not declare corresponding permissions. Missing capability disclosure weakens trust boundaries and can cause users or hosting platforms to approve a skill without understanding that it can access external services and persist sensitive data locally. In this context, the risk is elevated because the skill handles recordings and transcripts, which are highly sensitive.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The Privacy section claims the API key is encrypted at rest, but the setup instructions write it directly to ~/.config/omi/api_key as plaintext with file permissions only. This is a security misrepresentation and can lead users to rely on stronger protection than actually exists, increasing the chance of credential compromise from local access, backups, or malware.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to expose a webhook endpoint to the public internet and receive transcript-related events without clearly warning about privacy, metadata leakage, replay risk, and unauthorized probing. In a voice-recording skill, webhook traffic can involve highly sensitive transcripts and recording metadata, making internet exposure materially risky even if a secret is optional.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to place plaintext passwords and API keys into files via shell commands, but do not prominently warn about credential sensitivity, shell history exposure, accidental backups, or safer secret-handling alternatives. Because these credentials enable access to personal recordings and transcripts, compromise could lead to account takeover, bulk data access, or ongoing surveillance of captured audio.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to expose a local webhook receiver to the public internet via ngrok, but provides no meaningful warning about the sensitivity of the data or the risks of exposing an HTTP endpoint that may receive transcripts and metadata from wearable devices. In this skill’s context, the endpoint handles highly privacy-sensitive recording data, so missing guidance on authentication, network restrictions, and secret validation materially increases the chance of accidental data exposure or abuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill description emphasizes convenience features but does not clearly warn users that recordings, transcripts, summaries, metadata, and possibly audio files will be stored on local disk. Because wearable recordings can contain highly sensitive personal or workplace conversations, inadequate upfront disclosure creates a meaningful privacy and consent risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes transcripts, summaries, and metadata from wearable recordings directly to disk under the user's home directory without any consent prompt, warning, retention control, or permission hardening for the created files. Because these artifacts can contain highly sensitive conversations and personal data, silent local persistence materially increases privacy and confidentiality risk if the machine is shared, backed up insecurely, or later compromised.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script logs the full webhook payload to disk, which can include transcripts, metadata, device identifiers, and other sensitive personal data from wearable recordings. In this skill's context, persistent logging of raw webhook contents increases privacy and data-exposure risk because webhook inputs are expected to contain user recording data, and the log file may be readable by other local users, backups, or support tooling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The handler writes transcript text and metadata directly to local storage, creating a persistent copy of potentially sensitive conversation content from Omi wearable devices. Given the skill's purpose is to sync and organize recordings, local persistence is expected functionally, but it is still a real security/privacy issue if done without safeguards such as access controls, minimization, retention policy, or user awareness.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Get your Omi API key from https://omi.me/developer or your self-hosted backend
2. Store it securely:
```bash
mkdir -p ~/.config/omi
echo "YOUR_API_KEY" > ~/.config/omi/api_key
chmod 600 ~/.config/omi/api_key
```
Confidence
96% confidence
Finding
mkdir -p ~/.config/omi echo "YOUR_API_KEY" > ~/.config/omi/api_key chmod 600 ~/.config/omi/api_key ``` 3. Configure backend URL (defaults to https://api.omi.me): ```bash echo "https://api.omi.me" > ~

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal