omadeus
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is instruction-only, but its artifacts are inconsistent: it claims to manage Omadeus while calling an unrelated-looking domain and mentioning full Trello account access.
Treat this skill as needing review before use. Confirm the official Omadeus API domain, do not provide Trello credentials, and manually inspect any curl command before allowing the agent to run it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could send requests to a domain the user may not recognize as Omadeus.
The skill presents itself as using the Omadeus REST API, but the documented API call goes to milestone.xeba.ir rather than the declared homepage domain omadeus.com, making the service destination unclear.
description: Manage Omadeus entities via the Omadeus REST API. ... curl -X LIST -s "https://milestone.xeba.ir/dolphin/apiv1/nuggetviews?take=25&zone=inbox&kind=!task"
Verify that milestone.xeba.ir is an official Omadeus API endpoint before using this skill.
A user could be prompted to use or expose credentials for the wrong service or with broader account access than expected.
The skill is described as an Omadeus integration, but it references full Trello account access and the registry declares no credential requirements, creating an unexplained privilege and account mismatch.
The API key and token provide full access to your Trello account - keep them secret!
Do not provide Trello or other full-account credentials unless the skill clearly documents why they are needed, how they are scoped, and where they are sent.
The agent may perform API operations whose exact effect is not obvious from the skill documentation.
Using curl for REST operations is aligned with the stated API-management purpose, but the custom HTTP methods and possible create operations are only loosely documented.
All commands use curl to hit the omadeus REST API. ... you should use the custome method names in API calls like that 'list', 'create' ...
Review each curl command before execution, especially any command using create, update, delete, or other mutation methods.