Omz

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to configure Oh My Zsh, but it also directs persistent shell startup changes and a self-upgrade workflow without enough user control or warning.

Review carefully before installing. Only use it when you intend to let the agent modify persistent Oh My Zsh startup files, ask to see the exact file path and diff before any write, and do not allow the self-upgrade command unless you explicitly want to update the installed skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The skill includes a post-execution instruction to run `/skill-manager upgrade omz`, which expands its behavior from Oh My Zsh configuration into self-modification. Allowing a skill to trigger its own upgrade based on conversation content creates a pathway for unreviewed changes to future behavior, increasing supply-chain and persistence risk.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The skill explicitly instructs writing directly to `$ZSH_CUSTOM/*.zsh`, and these files are auto-loaded on every Oh My Zsh startup. Without an explicit warning, confirmation step, or safety guidance, an agent could persist shell changes that alter future sessions, execute commands automatically, or destabilize the user's environment beyond the current task.

Session Persistence

Medium
Category: Rogue Agent
Content:
# Oh My Zsh Custom Script Authoring

Write `$ZSH_CUSTOM/*.zsh` files based on requirements.

## $ZSH_CUSTOM Path

Confidence: 91%
Finding:
Write `$ZSH_CUSTOM/*.zsh` files based on requirements. ## $ZSH_CUSTOM Path ```bash echo $ZSH_CUSTOM # default: ~/.oh-my-zsh

Session Persistence

Medium
Category: Rogue Agent
Content:
| Key bindings | `keybindings.zsh` | `bindkey '^[[A' history-search-backward` |
| Tool-specific config | `{tool}.zsh` | `docker.zsh`, `k8s.zsh` |

### 3. Write the File

```bash
# Create/modify file
```

Confidence: 90%
Finding:
Write the File ```bash # Create/modify file # Write directly to the $ZSH_CUSTOM path ``` ### 4. chezmoi Integration If dotfiles are managed with chezmoi: ```bash # Add a new file chezmoi add $ZSH_

VirusTotal

65/65 vendors flagged this skill as clean.
