Aha Opencode Omo
Security checks across malware telemetry and agentic risk
Overview
The artifacts define repo-local workflow skills with some powerful admin and review capabilities, but those capabilities are disclosed, purpose-aligned, and gated by user or operator control.
Install this only if you expect ClawHub/Convex maintainer workflows. Some skills can guide an agent through admin CLI actions, signed-off email sends, production migrations, package installs, and external AI review tools, so use them with the documented confirmation gates and avoid feeding private code or secrets to review engines unless that is acceptable for your environment.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.