ClawHub

Codacy

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Codacy read-only connector skill, with one installer command that users should verify before running.

Install this only if you intend to let an agent read Codacy data available through your connected OOMOL/Codacy account. Before running the oo CLI installer command, verify the OOMOL install guide or use a trusted package/install method; use a Codacy token scoped only to the organizations and repositories you are comfortable exposing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
98% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal