ClawHub

Breeze

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Breeze read-only integration, with some setup and wording risks users should notice before installing.

Install only if you trust OOMOL and intend to let your agent read Breeze people, profile-field, and tag data through an OOMOL-connected account. Treat the installer command as privileged code execution: prefer reviewing the install guide or installer contents first, and do not ask the agent to perform Breeze write/delete operations through this read-focused skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest advertises the skill as only for 'searching and reading data,' but the body explicitly instructs use for any Breeze action and includes guidance for state-changing operations. This mismatch can cause an agent or user to invoke the skill under a read-only trust assumption when the skill’s actual operational scope is broader, increasing the chance of unintended writes or destructive actions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The phrase 'Use this skill for ANY Breeze request' is an overly broad activation trigger that can cause the skill to be selected for tasks outside its intended safe subset. In this file, that ambiguity is compounded by the later inclusion of state-changing operations, so broad matching may route sensitive Breeze tasks through a skill the caller may assume is only for search/read access.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
97% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal