Seqera

Security checks across malware telemetry and agentic risk

Overview

This Seqera skill is mostly coherent, but it needs review because a read-focused description also includes workflow-launch authority and risky CLI install guidance.

Install only if you intend to let the agent operate Seqera through your OOMOL-connected account, including launching workflows. Review every launch payload and expected cost or resource impact before approval, and prefer installing the oo CLI through a verified release or package-manager path instead of running the pipe-to-shell commands directly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest advertises the skill as only for 'searching and reading data,' but the documented actions include `launch_workflow`, which can change Seqera state. This mismatch can mislead an agent or user into invoking a write-capable skill under the assumption that it is read-only, increasing the risk of unintended workflow launches.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation and manifest create inconsistent safety expectations: the top-level description frames the skill as suitable for searching and reading, while the action list includes a state-changing launch operation. In agentic environments, that inconsistency can cause unsafe automation decisions because routing logic may trust the manifest more than the full body text.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata says the Seqera skill is for 'searching and reading data,' but this action explicitly launches a workflow, which is a state-changing execute operation. That mismatch can mislead an agent or operator into invoking a write/execute capability under a read-only trust assumption, increasing the risk of unauthorized job execution, resource consumption, or unintended changes in downstream systems.

Vague Triggers

Medium
Confidence: 90%
Finding
The instruction to use this skill for 'ANY Seqera request' is overly broad and encourages indiscriminate delegation without scope checks. In practice, this can bypass safer tool selection or finer-grained policy controls, especially because the skill includes both read and write functionality.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

Confidence: 97%
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.
