StackAI

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent StackAI integration, but it can execute deployed flows under a read-oriented description and includes unsafe remote installer commands, so users should review it before installing.

Install only if you trust OOMOL and understand that running StackAI flows may do more than read data. Before calling run_flow, inspect the schema and confirm the exact flow and payload it will submit. Do not use the pipe-to-shell installer as written: download the install script to a file, verify its source and integrity against a hash you obtained from the publisher, read it, and only then run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92%
Finding
The skill metadata and description frame the capability as 'searching and reading data,' but the documented `run_flow` action can execute deployed StackAI workflows whose side effects are not bounded to read-only behavior. This mismatch can mislead an agent or user into invoking a higher-privilege action under a read-only mental model, increasing the chance of unintended state changes or sensitive operations.

Intent-Code Divergence

Medium
Confidence
88%
Finding
The file gives contradictory intent signals: it markets the skill as a read/search tool while also exposing `run_flow` and only later warning that some actions may change state. In an agent setting, contradictory safety framing can cause unsafe auto-selection or underestimation of operational risk when deciding whether to run a flow.

Vague Triggers

Medium
Confidence
90%
Finding
The instruction to use this skill for 'ANY StackAI request' is an overly broad trigger that can cause the skill to be selected for incidental mentions or ambiguous tasks. In an agentic environment, broad routing language increases the chance of unnecessary tool invocation and can bypass more context-appropriate or safer handling.

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
  # (the PowerShell variant is cut off on this page)
  ```

Confidence
98%
Finding
`curl -fsSL https://cli.oomol.com/install.sh | bash`: the installer is fetched over the network and piped straight into bash, so whatever the server returns at install time runs immediately, without being saved to disk, read, or checked against a pinned hash. A compromised host, a hijacked domain, or a response that differs from what a browser would see all execute with the installing user's privileges.
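The fetch-verify-inspect-run alternative that the overview and this finding recommend, as an added example (not code from the skill, from OOMOL, or from the scanner). It keeps the page's install URL but assumes the publisher provides a SHA-256 for the script out of band (`EXPECTED_SHA256` is a placeholder; this script does not know the real value), and the two installer files it builds at the end are constructed locally so the demonstration runs without network access and executes nothing.

```shell
#!/usr/bin/env bash
# Added example: replace
#   curl -fsSL https://cli.oomol.com/install.sh | bash
# with fetch -> verify pinned hash -> inspect -> run. EXPECTED_SHA256 must come
# from the publisher out of band (assumption: OOMOL publishes one).
set -eu

# Lines that pipe freshly fetched remote code into a shell, or that escalate
# privilege or evaluate strings dynamically; these deserve a human read.
readonly FLAG_RE='(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh|(^|[^[:alnum:]_])(sudo|eval)([^[:alnum:]_]|$)'

sha256_of() {
  # Portable SHA-256 hex digest: GNU coreutils on Linux, shasum on macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# fetch_installer URL OUTFILE: HTTPS only, TLS 1.2+, fail on HTTP errors,
# and write to a file rather than to a shell.
fetch_installer() {
  curl --proto '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# verify_installer FILE EXPECTED_SHA256: exit 0 on match, 1 on mismatch.
verify_installer() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# count_flagged FILE: number of lines matching FLAG_RE (0 means nothing flagged).
count_flagged() {
  grep -cE "$FLAG_RE" "$1" || true
}

# install_checked URL EXPECTED_SHA256: the whole replacement for pipe-to-shell.
# Refuses to run on a hash mismatch (exit 1) or when lines are flagged (exit 2).
install_checked() {
  url="$1"; expected="$2"
  tmp="$(mktemp)"
  fetch_installer "$url" "$tmp"
  if ! verify_installer "$tmp" "$expected"; then
    echo "refusing to run: SHA-256 of $url does not match the pinned value" >&2
    rm -f "$tmp"; return 1
  fi
  if [ "$(count_flagged "$tmp")" -ne 0 ]; then
    echo "refusing to run: installer re-fetches remote code or escalates; review these lines:" >&2
    grep -nE "$FLAG_RE" "$tmp" >&2
    rm -f "$tmp"; return 2
  fi
  bash "$tmp"
  rm -f "$tmp"
}

# Offline demonstration with constructed files (no network, nothing executed).
DEMO_DIR="$(mktemp -d)"
printf 'hello\n' > "$DEMO_DIR/pinned.sh"   # constructed; SHA-256 of "hello\n" is 5891b5b5...be03
printf '#!/bin/sh\necho installing\ncurl -fsSL https://example.invalid/x.sh | sudo bash\n' \
  > "$DEMO_DIR/nested.sh"                   # constructed: an installer that itself pipes to shell

verify_installer "$DEMO_DIR/pinned.sh" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 \
  && echo "pinned.sh: hash matches pinned value"
echo "nested.sh: $(count_flagged "$DEMO_DIR/nested.sh") flagged line(s)"

# Real use, once you have the publisher's hash:
#   install_checked https://cli.oomol.com/install.sh "$EXPECTED_SHA256"
```

The hash check is what turns an unknown server response into a known artifact; the grep is a cheap second gate because an installer that passes the hash check can still be one that itself runs `curl ... | sudo bash`, which is exactly the pattern this finding flags. Neither step replaces reading the script before the final `bash "$tmp"`.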

VirusTotal

63/63 vendors flagged this skill as clean.