ClawHub

Ipregistry

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Ipregistry connector that runs read-oriented lookup actions through the OOMOL oo CLI, with some setup and scoping cautions but no artifact-backed malicious behavior.

Install only if you trust OOMOL and are comfortable routing Ipregistry lookup data through its connected-account CLI. Review the oo CLI installer before running the first-time setup command, and avoid sending sensitive IP or user-agent data unless that is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The manifest and available-actions list describe this skill as handling Ipregistry searching and reading data, and the listed actions are all lookup/parse operations. The Safety section, however, warns about create/update/post/delete actions that are not part of the documented capability set, which contradicts the stated scope and could mislead an agent about what this skill can do.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation description is very broad and does not define specific trigger phrases, exclusions, or limits on when the skill should or should not be invoked. This can cause unintended invocation for any mention of Ipregistry, even in contexts where using the skill may not be appropriate.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
90% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal