Huo15 Knowledge Base Enterprise

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Odoo knowledge-base sync skill, but it handles enterprise content and credentials in ways users should review carefully before installing.

Install only if you trust the publisher and intend to sync wiki content to the configured Odoo instance. Before use: replace the bundled enterprise config, use a least-privilege Odoo account, run in dry-run mode first, do not store passwords or API tokens in Odoo Knowledge unless your organization has explicitly approved it as a secrets store, and avoid install-all-agents.sh unless you intentionally want to modify every local agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers
Severity: Medium
Confidence: 83%

Finding: The trigger phrases are broad enough to match ordinary knowledge-base requests, so this enterprise skill may activate when the user did not intend it. Accidental activation matters more here than for a typical skill because the skill performs file, network, and external-sync operations that can touch sensitive enterprise content or credentials.

Missing User Warnings
Severity: Medium
Confidence: 96%

Finding: The documentation instructs users to place a live Odoo password directly in a local JSON config file, with no warning about the sensitivity of that secret, file permissions, encryption at rest, or safer alternatives such as an environment variable or a secrets manager. In an enterprise knowledge-base integration, the password can leak through source control, backups, shared workspaces, screenshots, or endpoint compromise, exposing the connected Odoo instance.
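The check a practitioner would want here is a config loader that refuses a loosely-permissioned file and lets the password come from the environment instead of disk. The following is an added example, not code from the skill or from the scan report; it assumes a JSON layout with `url`, `db`, `username` and `password` keys, and an `ODOO_PASSWORD` environment variable, neither of which the page confirms.

```python
import json
import os
import stat
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


class InsecureConfigFile(PermissionError):
    """Raised when the config file is readable by anyone other than its owner."""


@dataclass
class OdooConfig:
    url: str
    db: str
    username: str
    # repr=False keeps the password out of tracebacks, logs and debug prints.
    password: str = field(repr=False)


def load_odoo_config(path, env=None) -> OdooConfig:
    """Load the JSON config, refusing loose permissions and preferring an env var for the password.

    Assumed layout (not confirmed by the page): {"url", "db", "username", "password"}.
    """
    env = os.environ if env is None else env
    p = Path(path)
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & 0o077:
        raise InsecureConfigFile(f"{p} is group/world readable (mode {mode:04o}); run: chmod 600 {p}")
    data = json.loads(p.read_text(encoding="utf-8"))
    # An environment variable lets the password live in a secret manager or a shell session
    # instead of on disk; the value in the file is only a fallback.
    password = env.get("ODOO_PASSWORD") or data.get("password")
    if not password:
        raise ValueError("no Odoo password: set ODOO_PASSWORD or add 'password' to the config")
    return OdooConfig(url=data["url"], db=data["db"], username=data["username"], password=password)


def run_demo() -> dict:
    """Exercise the loader against a constructed config file; returns the observed outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "odoo_config.json"   # constructed sample config
        cfg.write_text(json.dumps({"url": "https://odoo.example.internal", "db": "prod",
                                   "username": "wiki-sync", "password": "file-secret"}),
                       encoding="utf-8")
        os.chmod(cfg, 0o644)                    # the usual, too-loose default mode
        try:
            load_odoo_config(cfg, env={})
            out["loose_perms"] = "loaded"
        except InsecureConfigFile:
            out["loose_perms"] = "refused"
        os.chmod(cfg, 0o600)
        conf = load_odoo_config(cfg, env={})
        out["strict_perms"] = conf.password
        out["env_override"] = load_odoo_config(cfg, env={"ODOO_PASSWORD": "env-secret"}).password
        out["repr_hides_password"] = "file-secret" not in repr(conf)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The mode check is the cheap part; the real win is that the password never needs to be in the file at all once the environment variable is set, so the JSON can be committed or backed up without carrying a live credential.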

Missing User Warnings
Severity: Medium
Confidence: 94%

Finding: The script reads the full prompt file and sends its contents to a configured external LLM endpoint over HTTP with no disclosure, no consent check, and no redaction step. In an enterprise knowledge-base context the prompt may carry internal documents, credentials, internal URLs, or other sensitive business data, so silent transmission to a third-party provider is a real confidentiality and compliance risk.
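The two missing controls are a consent gate in front of the outbound call and a best-effort redaction pass over the prompt. The block below is an added example written for this report, not the skill's own code; the secret patterns and the sample prompt are constructed for illustration and the `build_outbound_payload` function stands in for whatever the skill does before its HTTP request.

```python
import re
from dataclasses import dataclass, field

# Constructed, illustrative patterns: a starting point, not a complete secret scanner.
# Key/value credentials run first so the markers inserted later are never mistaken for values.
SECRET_PATTERNS = [
    ("credential",
     re.compile(r'(?i)("?(?:password|passwd|api_key|apikey|token)"?\s*[:=]\s*)("[^"\n]*"|\S+)'),
     r"\1[REDACTED:credential]"),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]+=*"), "Bearer [REDACTED:bearer_token]"),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:aws_access_key]"),
    ("private_key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED:private_key]"),
    ("url_password", re.compile(r"(?i)(\b[a-z][a-z0-9+.\-]*://[^/\s:@]+:)([^@\s]+)(@)"),
     r"\1[REDACTED:url_password]\3"),
]

# Constructed sample of the kind of wiki text a "repair the wiki" prompt would carry.
SAMPLE_PROMPT = """\
You are repairing a wiki. Current pages:

## Deployment runbook
Connect with user admin and password = Odoo-Prod-2024!
Export ODOO_API_KEY=sk-live-0123456789abcdef
Fetch the dashboard with: curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig" https://odoo.example.internal/api
Backup target: postgres://backup:hunter2@db.example.internal/odoo
AWS access key id for the S3 bucket: AKIAIOSFODNN7EXAMPLE
"""


@dataclass
class RedactionResult:
    text: str
    counts: dict = field(default_factory=dict)   # label -> number of replacements


def redact(text: str) -> RedactionResult:
    """Replace recognisable secrets with labelled markers and count what was removed."""
    counts = {}
    for label, pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        if n:
            counts[label] = n
    return RedactionResult(text=text, counts=counts)


def build_outbound_payload(prompt: str, *, user_approved_external_send: bool) -> dict:
    """Gate the external call: refuse without explicit approval, and never send the raw prompt."""
    if not user_approved_external_send:
        raise PermissionError("not sent: transmitting wiki content to an external LLM requires explicit approval")
    result = redact(prompt)
    # The redaction summary is what gets shown to the user and logged; the raw prompt is not.
    return {"prompt": result.text, "redactions": result.counts}


if __name__ == "__main__":
    payload = build_outbound_payload(SAMPLE_PROMPT, user_approved_external_send=True)
    print(payload["redactions"])
    print(payload["prompt"])
```

Regex redaction catches the obvious shapes (key/value credentials, bearer tokens, AWS access key IDs, PEM blocks, passwords embedded in URLs) and will miss anything else, so the consent gate, not the redactor, is the control that actually decides whether enterprise content leaves the tenant.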

Missing User Warnings
Severity: Medium
Confidence: 91%

Finding: The code writes generated wiki files in write mode to paths derived from filenames in the LLM output, so it can create or overwrite files in the target directory without warning. Because the filenames come from model output and are only joined with wiki_dir, with no normalization or containment check, this can cause unintended data loss and, if the model returns a crafted filename such as ../../target, path traversal outside the intended directory.
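What the skill should do instead of a bare join is shown below: normalize the model-supplied name, reject traversal and absolute paths, confirm containment after symlink resolution, and refuse to clobber existing pages by default. This is an added example, not the skill's code; the `.md` extension requirement and the dry-run flag are assumptions made here for illustration.

```python
import tempfile
from pathlib import Path, PurePosixPath

# Assumption (not stated on the page): generated wiki pages are Markdown files.
ALLOWED_SUFFIXES = (".md",)


class UnsafeFilename(ValueError):
    """Raised for a model-supplied filename that must not be written."""


def resolve_wiki_target(wiki_dir, model_filename: str) -> Path:
    """Map a filename taken from LLM output onto a path guaranteed to lie inside wiki_dir."""
    base = Path(wiki_dir).resolve()
    name = model_filename.strip()
    if not name:
        raise UnsafeFilename("empty filename")
    # Treat backslashes as separators so Windows-style traversal is caught as well.
    rel = PurePosixPath(name.replace("\\", "/"))
    if rel.is_absolute() or ":" in name:
        raise UnsafeFilename(f"absolute or drive-qualified path rejected: {name!r}")
    if any(part in ("..", ".") for part in rel.parts):
        raise UnsafeFilename(f"traversal component rejected: {name!r}")
    if rel.suffix not in ALLOWED_SUFFIXES:
        raise UnsafeFilename(f"unexpected file type: {name!r}")
    candidate = base.joinpath(*rel.parts).resolve()
    # Final containment check after symlink resolution: a symlinked subdirectory that
    # points outside wiki_dir would otherwise pass the lexical checks above.
    if candidate != base and base not in candidate.parents:
        raise UnsafeFilename(f"escapes wiki_dir: {name!r}")
    return candidate


def is_safe_filename(wiki_dir, model_filename: str) -> bool:
    try:
        resolve_wiki_target(wiki_dir, model_filename)
        return True
    except UnsafeFilename:
        return False


def write_wiki_file(wiki_dir, model_filename, content, *, allow_overwrite=False, dry_run=False) -> Path:
    """Write a generated page; refuses traversal and, by default, refuses to clobber existing pages."""
    target = resolve_wiki_target(wiki_dir, model_filename)
    if target.exists() and not allow_overwrite:
        raise FileExistsError(f"refusing to overwrite existing page: {target}")
    if dry_run:
        return target
    target.parent.mkdir(parents=True, exist_ok=True)
    # "x" (create-only) rather than "w" closes the race between the exists() check and the write.
    with open(target, "w" if allow_overwrite else "x", encoding="utf-8") as fh:
        fh.write(content)
    return target


def run_demo() -> dict:
    """Run the guard over constructed filenames in a scratch wiki directory."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        wiki = Path(tmp) / "wiki"
        wiki.mkdir()
        created = write_wiki_file(wiki, "pages/intro.md", "# Intro\n")
        out["created"] = created.relative_to(wiki.resolve()).as_posix()
        try:
            write_wiki_file(wiki, "pages/intro.md", "# Clobbered\n")
            out["overwrite"] = "allowed"
        except FileExistsError:
            out["overwrite"] = "refused"
        rejected = []
        for name in ("../../target.md", "/etc/passwd.md", "pages/../../escape.md", "secrets.json"):
            try:
                write_wiki_file(wiki, name, "x")
            except UnsafeFilename:
                rejected.append(name)
        out["rejected"] = rejected
        # Only the one legitimate page should exist anywhere under the scratch tree.
        out["file_count"] = sum(1 for p in Path(tmp).rglob("*") if p.is_file())
    return out


if __name__ == "__main__":
    print(run_demo())
```

The lexical checks alone are not enough: `resolve()` followed by the `parents` test is what catches a symlink inside wiki_dir that points elsewhere, and create-only mode is what keeps the no-overwrite promise under concurrent runs.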

Missing User Warnings
Severity: Medium
Confidence: 94%

Finding: The script builds a prompt that explicitly tells an LLM to modify wiki files directly, creating a path for uncontrolled AI-driven file changes. Because the prompt is assembled from all wiki content, adversarial or malformed page content can steer the model's repair decisions and produce unintended or unsafe edits, and there is no approval gate between the model's output and the write.

VirusTotal

No VirusTotal findings
