ClawHub

waboxapp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Waboxapp/OOMOL connector wrapper for checking account status and sending WhatsApp messages, with the main risk being ordinary account-message authority plus a documented CLI install command.

Install only if you trust OOMOL and intend to let an agent send WhatsApp messages through your connected Waboxapp account. Confirm recipients, message content, and media URLs before any send action, and review the OOMOL CLI install source if the CLI is not already installed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Script Fetching

High
Category
Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
Confidence
90% confidence
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal