ClawHub

ClassMarker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ClassMarker data-reading connector, with some setup and scoping caveats users should understand before using it.

Install this only if you trust OOMOL and want your agent to read ClassMarker data through an OOMOL-connected account. Review the OOMOL CLI installer before running the remote install command, and make sure the ClassMarker API key used has only the access needed because the listed actions can read recent results across all groups or links the key can access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The top-level manifest narrows the skill purpose to ClassMarker requests for 'searching and reading data.' However, the Safety section explicitly discusses running write and destructive actions, which indicates the skill is intended to support more than read-only access. That is a semantic mismatch between the declared scope and the documented behavior.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The file lists exactly five available actions, all of which are read/list result retrieval operations. Yet the Safety section warns about running create, update, send, post, delete, and remove actions, implying capabilities not actually documented in the available action list. This creates contradictory intent signals within the skill documentation.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The description says to use this skill for "ANY ClassMarker request" and "Whenever a task involves ClassMarker," which is a very broad activation condition for a manifest/markdown file. It does not define narrower trigger scope or exclusions, so ordinary mentions of ClassMarker could unintentionally activate the skill.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
90% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal