ClawHub

BigPicture.io

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent BigPicture.io lookup connector, with a disclosed but optional CLI installer command that users should treat carefully.

Before installing, confirm you trust OOMOL's `oo` CLI installer and prefer reviewing the official install guide or installer contents if your environment is sensitive. The BigPicture.io actions themselves are read-only lookups, but they require a connected account and will send lookup domains or IP addresses to the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
90% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal