ClawHub

Fillout

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Fillout connector, but its setup instructions include direct remote script execution and it can read, create, and delete authenticated Fillout data.

Review this before installing if you are not comfortable with OOMOL managing the Fillout connection. Install the oo CLI through a safer reviewed or vendor-documented path where possible, and only connect a Fillout API key with the minimum permissions you need. Confirm every create or delete request carefully because the skill can change or remove Fillout submissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
96% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal