ClawHub

Omie ERP

Security checks across malware telemetry and agentic risk

Overview

This Omie ERP skill is coherent, but needs review because its webhook listener is broadly exposed and logs complete sensitive ERP event payloads.

Install only if you trust the environment and Omie credentials used with it. Use least-privilege Omie app keys, avoid exposing the webhook publicly unless you add authentication and network controls, and disable or tightly restrict full payload logging before processing real ERP events.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires access to environment variables and network communication to operate, but it does not declare those permissions explicitly. This creates a transparency and policy-enforcement gap: the skill can access sensitive API credentials and send data externally without users or the platform clearly understanding its privileges.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation text is very broad and could cause the skill to trigger on many routine ERP, finance, invoice, stock, or client-related requests. In this context, overbroad routing is risky because the skill handles business-sensitive and financial data, so accidental invocation could expose or manipulate enterprise information beyond user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to run a webhook listener on an HTTP port without warning about exposing a network endpoint or validating untrusted external input. A publicly reachable webhook receiver can become an entry point for spoofed events, denial-of-service, or unintended processing of attacker-controlled data if authentication, signature verification, and network restrictions are not enforced.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The handler logs the full webhook payload, which may contain sensitive ERP data such as client details, invoices, financial records, or stock/order information. Because this service binds to 0.0.0.0 and is intended for real-time webhook ingestion, routine logging of complete payloads increases the chance of sensitive-data exposure through stderr collection, container logs, centralized logging systems, or support access.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal