AWS STS

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can issue AWS temporary credentials while its description and safety guidance understate that high-impact authority.

Install only if you trust OOMOL and intend the agent to request AWS STS temporary credentials through your connected account. Before use, confirm each AssumeRole or federated credential request, verify the target role/scopes/session duration, and prefer installing the oo CLI through a verified package or inspected installer rather than a pipe-to-shell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest claims this skill is for AWS STS 'searching and reading data,' but the documented actions can mint temporary AWS credentials via AssumeRole and federation. This mischaracterization can cause an agent or user to treat the skill as read-only when it actually enables privilege acquisition, increasing the chance of unsafe invocation and under-scoped review.

Intent-Code Divergence

Low
Confidence
74% confidence
Finding
The safety section frames risk mainly around create/update/delete style state changes, but STS credential issuance is dangerous even though it does not mutate AWS resource state. This can mislead operators into treating AssumeRole or federated credential requests as inherently safe, despite their ability to expand access and enable follow-on actions elsewhere in AWS.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger text says to use this skill for 'ANY AWS STS request,' which is overly broad and may cause automatic invocation in ambiguous situations. In context, that is risky because the skill includes actions that can issue temporary credentials, so broad routing increases the chance of unintended privilege-related operations.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

Confidence
94% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

63/63 vendors flagged this skill as clean.
