Omie ERP

Audited by ClawScan on May 10, 2026.

Overview

The skill largely matches its Omie ERP purpose, but its webhook receiver is broadly exposed and unauthenticated while handling sensitive business events.

Review this skill carefully before installing. It is coherent for Omie ERP access, but use restricted Omie credentials and do not expose the webhook receiver publicly unless you add authentication, network restrictions, and safer logging.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Whoever can run the skill with these credentials can retrieve the Omie ERP data available to that app key, including financial and customer records.

Why it was flagged

The skill needs Omie API credentials to access ERP data. This is expected for the stated integration, but the registry metadata lists no required env vars or primary credential.

Skill content
Requires environment variables:
export OMIE_APP_KEY="your_app_key_here"
export OMIE_APP_SECRET="your_app_secret_here"
Recommendation

Use least-privilege Omie credentials where possible, set them only in trusted environments, rotate them if exposed, and update metadata so users know credentials are required.

What this means

If the webhook receiver is reachable on a network, unauthorized parties could send fake ERP events, and legitimate webhook payloads containing business data may be written to logs.

Why it was flagged

The webhook server binds to all interfaces by default, accepts any POST body as a webhook, logs the full payload, and returns success without visible source, signature, or shared-secret validation.

Skill content
parser.add_argument('--host', default='0.0.0.0', help='Host to bind to')
...
payload = json.loads(body.decode('utf-8'))
...
print(json.dumps(log_entry, indent=2, ensure_ascii=False), file=sys.stderr)
...
self.send_response(200)
Recommendation

Bind to localhost unless intentionally exposing it, place it behind a trusted reverse proxy, require a webhook secret or signature check, restrict accepted paths/sources, and avoid logging full sensitive payloads by default.
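The following receiver shows what those recommendations look like in code. It is an added example written for this review, not the skill's own code and not Omie's documented webhook mechanism: the header name `X-Webhook-Signature`, the HMAC-SHA256-over-raw-body scheme, the `OMIE_WEBHOOK_SECRET` variable, the `/omie/webhook` path, the list of masked keys and the sample event are all assumptions to be replaced with whatever the real sender provides. Compared with the flagged snippet it binds to loopback by default, accepts only one path, rejects oversized bodies, refuses to start without a secret, verifies the signature in constant time before parsing, and writes only a redacted summary to stderr.

```python
import argparse
import hashlib
import hmac
import json
import os
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed, not from the skill or from Omie's documentation: the sender signs the
# raw body with HMAC-SHA256 under a shared secret and sends the hex digest in
# this header. Adapt both to whatever scheme your sender actually implements.
SIGNATURE_HEADER = "X-Webhook-Signature"
SECRET_ENV_VAR = "OMIE_WEBHOOK_SECRET"  # hypothetical variable name
ALLOWED_PATH = "/omie/webhook"          # every other path gets 404
MAX_BODY_BYTES = 1 << 20                # reject oversized bodies before parsing
SENSITIVE_KEYS = {"cnpj_cpf", "email", "telefone", "valor"}  # masked before logging

# Constructed sample event (not a real Omie payload) used by demo() below.
SAMPLE_BODY = json.dumps({"topic": "Cliente.Incluido",
                          "event": {"razao_social": "ACME", "cnpj_cpf": "12.345.678/0001-90"}}).encode()

def sign(secret, body):
    """Hex HMAC-SHA256 of the raw body; the sender computes the same value."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret, body, header_value):
    """Constant-time comparison so timing cannot leak the expected digest."""
    if not header_value:
        return False
    expected = sign(secret, body).encode("ascii")
    return hmac.compare_digest(expected, header_value.strip().lower().encode("utf-8"))

def redact(value):
    """Recursively mask values under sensitive keys while keeping the shape."""
    if isinstance(value, dict):
        return {k: ("***" if k in SENSITIVE_KEYS else redact(v)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def handle_webhook(path, headers, body, secret):
    """Pure request logic returning (status, reply, log_entry). Rejected requests
    get no log entry, so unauthenticated bodies never reach the log."""
    if path != ALLOWED_PATH:
        return 404, {"error": "not found"}, None
    if len(body) > MAX_BODY_BYTES:
        return 413, {"error": "payload too large"}, None
    if not verify_signature(secret, body, headers.get(SIGNATURE_HEADER)):
        return 401, {"error": "invalid signature"}, None
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, {"error": "invalid json"}, None
    if not isinstance(payload, dict):
        return 400, {"error": "expected a JSON object"}, None
    log_entry = {"topic": payload.get("topic"), "event": redact(payload.get("event"))}
    return 200, {"status": "ok"}, log_entry

def demo(secret=b"demo-secret"):
    """Statuses for a valid, a tampered, an unsigned and a wrong-path request."""
    good = {SIGNATURE_HEADER: sign(secret, SAMPLE_BODY)}
    return (handle_webhook(ALLOWED_PATH, good, SAMPLE_BODY, secret)[0],
            handle_webhook(ALLOWED_PATH, good, SAMPLE_BODY + b" ", secret)[0],
            handle_webhook(ALLOWED_PATH, {}, SAMPLE_BODY, secret)[0],
            handle_webhook("/", good, SAMPLE_BODY, secret)[0])

class WebhookHandler(BaseHTTPRequestHandler):
    secret = b""  # set by main() before the server starts

    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(min(length, MAX_BODY_BYTES + 1))
        headers = {SIGNATURE_HEADER: self.headers.get(SIGNATURE_HEADER)}
        status, reply, log_entry = handle_webhook(self.path, headers, body, self.secret)
        if log_entry is not None:
            print(json.dumps(log_entry, ensure_ascii=False), file=sys.stderr)
        data = json.dumps(reply).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(data)

def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--host", default="127.0.0.1", help="Loopback unless deliberately exposed")
    parser.add_argument("--port", type=int, default=8080)
    args = parser.parse_args(argv)
    secret = os.environ.get(SECRET_ENV_VAR)
    if not secret:
        sys.exit(f"{SECRET_ENV_VAR} is not set; refusing to start an unauthenticated receiver")
    WebhookHandler.secret = secret.encode("utf-8")
    HTTPServer((args.host, args.port), WebhookHandler).serve_forever()

if __name__ == "__main__":
    main()
```

Calling `demo()` returns `(200, 401, 401, 404)`: the signed sample is accepted, a one-byte change to the body or a missing header is rejected before the body is parsed, and an unexpected path is refused. Keeping the request logic in `handle_webhook` separate from the socket handler is what makes those checks testable without starting a server; if the receiver must be reachable from outside, run it behind a reverse proxy that terminates TLS and restricts source addresses rather than changing `--host` alone.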