ClawHub

ClickUp

Security checks across malware telemetry and agentic risk

Overview

This ClickUp skill is coherent and purpose-aligned, but users should be careful with the optional first-time CLI installer command.

Before installing, confirm you trust OOMOL and ClickUp access through its connector. Let read-only actions run normally, review every create/update payload, and require explicit approval for delete/remove actions. If the oo CLI is not installed, prefer the official install guide or a verified package/signature path instead of blindly running the curl-to-bash or PowerShell iex commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
97% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal