ClawHub

TomTom

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TomTom connector skill that uses OOMOL's CLI for read-only map and search actions, with a disclosed but higher-risk first-time CLI installer command.

Install only if you are comfortable using OOMOL as the intermediary for TomTom requests and with one-time oo CLI setup. Prefer reviewing the official install guide or installer script before running the curl/PowerShell pipeline, and connect a TomTom API key with only the scopes you need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
97% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal