Skill v1.0.3

ClawScan security

Omie ERP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 1:11 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match an Omie ERP API client plus a webhook receiver, but the package metadata omits the required OMIE credentials, the instructions contain minor path inconsistencies, and the webhook's default binding could expose event data. Review before installing.
Guidance
This skill appears to implement the advertised Omie ERP API client and a simple webhook receiver, and the Python source is readable. Before installing:
1) Provide OMIE_APP_KEY and OMIE_APP_SECRET in your environment. The registry metadata omits these, but they are required.
2) Note that the SKILL.md examples sometimes reference slightly different paths (e.g., skills/omie/scripts vs. scripts/); verify file placement when invoking.
3) The webhook defaults to binding 0.0.0.0. If you run it, consider binding to localhost or putting it behind an authenticated, TLS-terminating proxy (or firewall) so sensitive invoice/customer events aren't exposed.
4) The webhook logs full payloads to stderr. Ensure logs are stored and handled per your data-protection policies, because they may include personally identifiable or financial data.
5) If you need higher assurance, inspect the included Python files yourself (they are short and straightforward) and update the registry metadata to declare the required environment variables before using the skill in production.
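Items 1, 3 and 4 above (and the Credentials and Persistence & Privilege findings below) as an added example, not code from the skill or from ClawHub: a hardened launcher for a Python webhook receiver of the kind the scan describes. It fails fast with a message naming every missing OMIE variable instead of failing silently at the first API call, refuses to bind 0.0.0.0 unless the operator opts in explicitly, and redacts payload fields before anything is written to stderr. The set of sensitive field names, the port, and the handler itself are assumptions; the skill's own scripts are not reproduced here.

```python
"""Hardened launcher for an Omie webhook receiver (added example, not the
skill's code).  Assumptions: JSON payloads, port 8080, and the field names
listed in SENSITIVE_KEYS."""
import json
import os
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

REQUIRED_ENV = ("OMIE_APP_KEY", "OMIE_APP_SECRET")

# Assumed sensitive keys in Omie webhook payloads; extend for your tenant.
SENSITIVE_KEYS = {
    "cnpj_cpf", "email", "telefone1_numero", "valor_total",
    "app_key", "app_secret",
}


def missing_credentials(env=None):
    """Return the names of required variables that are unset or blank."""
    env = os.environ if env is None else env
    return [name for name in REQUIRED_ENV if not env.get(name, "").strip()]


def load_omie_credentials(env=None):
    """Return (app_key, app_secret) or raise listing every missing variable."""
    env = os.environ if env is None else env
    missing = missing_credentials(env)
    if missing:
        raise RuntimeError(
            "missing required environment variables: " + ", ".join(missing))
    return env["OMIE_APP_KEY"], env["OMIE_APP_SECRET"]


def is_public_bind(host):
    """True for wildcard addresses that expose the listener on every interface."""
    return host in ("0.0.0.0", "::", "")


def choose_bind_host(requested=None, allow_public=False):
    """Default to loopback; bind all interfaces only on explicit opt-in."""
    host = requested or "127.0.0.1"
    if is_public_bind(host) and not allow_public:
        raise ValueError(
            f"refusing to bind {host!r}; use --allow-public only behind an "
            "authenticated, TLS-terminating proxy or a firewall")
    return host


def redact(obj):
    """Recursively mask values under sensitive keys so logs hold no PII or
    financial data; structure and non-sensitive values are preserved."""
    if isinstance(obj, dict):
        return {k: ("***" if k.lower() in SENSITIVE_KEYS else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)
        try:
            payload = json.loads(body or b"{}")
        except ValueError:
            self.send_response(400)
            self.end_headers()
            return
        # Only the redacted form reaches stderr.
        print(json.dumps(redact(payload)), file=sys.stderr)
        self.send_response(204)
        self.end_headers()

    def log_message(self, fmt, *args):
        # Suppress the default access log, which records client addresses.
        pass


def main(argv):
    load_omie_credentials()  # fail before the socket is opened
    requested = next((a for a in argv[1:] if not a.startswith("--")), None)
    host = choose_bind_host(requested, allow_public="--allow-public" in argv)
    HTTPServer((host, 8080), WebhookHandler).serve_forever()


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python launcher.py` to listen on 127.0.0.1:8080, or `python launcher.py 0.0.0.0 --allow-public` only when a proxy in front of it handles authentication and TLS. Redacting at the logging call, rather than in a log shipper, keeps the unmasked payload out of every downstream store.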

Review Dimensions

Purpose & Capability
note: The code and SKILL.md implement an Omie ERP API client and a webhook receiver, which aligns with the skill name/description. However, the registry metadata does not declare the OMIE_APP_KEY and OMIE_APP_SECRET environment variables that the code and SKILL.md explicitly require, an inconsistency between declared requirements and actual runtime needs.
Instruction Scope
ok: Runtime instructions are narrowly scoped to calling the included Python client and starting a webhook HTTP server. The scripts only talk to Omie's API, accept CLI args, and log incoming webhook payloads; they do not read unrelated files or attempt outbound connections aside from API calls. One operational detail: the webhook defaults to binding 0.0.0.0, which makes it reachable from any network interface if run as-is (possible exposure of webhook payloads).
Install Mechanism
ok: There is no install spec (instruction-only install), and the bundle includes two Python scripts. Nothing is downloaded or extracted from external URLs, and no additional packages are installed by the skill itself.
Credentials
concern: The SKILL.md and code require the OMIE_APP_KEY and OMIE_APP_SECRET environment variables (used to authenticate to Omie), which are appropriate for this purpose. However, the skill's registry metadata lists no required environment variables and no primary credential; the omission is inconsistent and could lead to silent failures or confusion for users. No other unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request elevated or persistent platform privileges (always:false). It does not modify other skills or system configuration. The only operational risk is running the webhook server (bind host default 0.0.0.0), which can expose inbound event traffic if started on an internet-facing host.