ClawHub
Back to skill

Security audit

OpenMerch Company Brief

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenMerch company lookup that uses an API key to send one company domain to OpenMerch and return the paid enrichment result.

Install only if you intend to use OpenMerch and are comfortable with each lookup consuming OpenMerch credits. Keep OPENMERCH_API_KEY private, review the quoted cost before execution, and avoid setting OPENMERCH_BASE_URL to an endpoint you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal