ClawHub

Prerender

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Prerender/OOMOL connector helper with expected cache and sitemap management authority, though users should review payloads before state-changing actions.

Install this only if you intend to let agents manage your Prerender account through OOMOL. Before any cache clear, recache, or sitemap submission, confirm the exact URLs, wildcard patterns, and expected effect. Only run the `oo` installer if you trust OOMOL’s CLI distribution path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
Lines L03 and L20 describe checking whether a cache clear job is running, which is a read-only status retrieval. The warning at L25 says the action removes or overwrites Prerender data, directly contradicting the documented behavior of this specific action.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The description says to use this skill for "ANY Prerender request" and "Whenever a task involves Prerender," which is extremely broad and lacks boundaries or negative examples. In a manifest/markdown context, this can overlap with many ordinary mentions of Prerender and does not clearly specify when the skill should or should not activate.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
90% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal