Security audit

Cardly

Security checks across malware telemetry and agentic risk

Overview

This Cardly skill is mostly a scoped read-only connector wrapper, with setup and debugging steps that users should approve deliberately.

Install only if you are comfortable using OOMOL’s oo CLI with your Cardly account. Approve any CLI install, login, Cardly connection, billing, or echo-debugging step explicitly, and avoid sending sensitive personal data in the echo payload unless you intend to test that authenticated endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest advertises the skill as only for searching and reading data, but the file also instructs authentication, account connection, and CLI installation steps that change user/account/system state. This mismatch can cause an agent or user to treat the skill as read-only and execute setup or login actions without appropriate consent or risk framing.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The safety section states that untagged actions are reads and safe to run directly, yet the untagged `echo` action sends arbitrary JSON to an authenticated endpoint. Even if intended for debugging, arbitrary authenticated requests can trigger side effects, leak sensitive account-context data, or be abused as a proxy for unintended operations.

Vague Triggers

Medium
Confidence: 88%
Finding
The instruction to use this skill for ANY Cardly request is overly broad and can cause the agent to route all Cardly-related tasks through a single skill without checking whether the request is appropriate, supported, or safe. Broad trigger language increases the chance of misuse, overreach, and accidental execution in contexts that need narrower authorization or different handling.

VirusTotal

63/63 vendors flagged this skill as clean.