Security audit

Ollang SKILLS

Security checks across malware telemetry and agentic risk

Overview

This Ollang skill is a coherent API integration, but it can upload files and change paid/account-affecting translation work with broad triggers and uneven confirmation guidance.

Install only if you intend to let an agent use your Ollang account. Before uploads, order creation, reruns, cancellations, human review, QC, callbacks, or document-link display, require the agent to show the exact file, order ID, destination, settings, callback URL, and any billing or credit impact, then wait for explicit approval. Use a revocable or limited API key if Ollang supports it, and avoid using the skill with confidential files unless sharing them with Ollang is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README instructs users to set an API key and use skills that can upload files, create orders, cancel work, and otherwise affect account data, but it does not clearly warn that these actions may transmit sensitive content to a third-party service or incur account-impacting changes. In an agent-driven context, lack of explicit privacy and action warnings increases the risk that users invoke the skill on sensitive files or authorize unintended operations without understanding the consequences.

Vague Triggers

Medium
Confidence: 77%
Finding
The trigger phrases are broad enough that an agent could match ordinary user requests such as 'translate this to Spanish' or 'check order status' and invoke Ollang automatically, even when the user did not explicitly intend to use this external service. In a skill that performs authenticated, data-affecting API calls, ambiguous invocation scope raises the chance of accidental uploads, order creation, or disclosure of project metadata to the platform.

Vague Triggers

Medium
Confidence: 88%
Finding
The description says to use this skill whenever the user mentions Ollang or wants any translation/captioning/dubbing workflow, which is broad enough to trigger routing in situations where the user did not explicitly ask to invoke this integration. Over-broad activation can cause unintended API-oriented actions, unnecessary credential checks, or misrouting away from safer/general assistance, especially because this is a master skill that delegates into multiple operational sub-skills.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to display document download URLs and QC evaluation details without any privacy warning, data-minimization guidance, or confirmation step. Order documents and QC summaries may contain sensitive business content, user-generated media, or reviewer feedback, so automatically surfacing them can increase accidental data disclosure, especially in shared chat contexts or when the requester is not the intended recipient.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly routes order data to Ollang's external QC API but does not instruct the agent to warn the user that translation content will leave the local/system context for third-party processing. In a translation workflow, order contents may include sensitive business, legal, or personal text, so omission of a disclosure and consent step creates a real data-handling and privacy risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The callbackUrl feature allows QC results to be delivered to another HTTPS endpoint, but the skill does not warn that results may be sent to a third-party server controlled by the user or another party. That omission increases the chance of accidental disclosure of summaries, scores, and segment-level evaluation data to unintended recipients.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.