Security audit

OnceHub

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow OnceHub helper that uses the OOMOL CLI to read booking-related data, with no concrete evidence of hidden, destructive, or exfiltrating behavior.

Install this only if you are comfortable using OOMOL as the broker for your OnceHub account. Review any oo CLI installation command before running it, and keep use to the listed read-only actions unless a future version clearly documents write actions and asks for explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and description frame the skill as limited to 'searching and reading data', but the body instructs the agent to inspect and run arbitrary OnceHub actions and explicitly discusses possible [write] and [destructive] operations. This mismatch can cause an agent or reviewer to trust the skill as read-only while it is actually capable of state-changing behavior, increasing the chance of unintended or unauthorized modifications.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger text says to use this skill for 'ANY OnceHub request' and 'instead of calling the API directly,' which is overly broad and can route unrelated or higher-risk OnceHub tasks through this skill without sufficient scoping. In context, this is more dangerous because the same skill documentation contemplates arbitrary actions, including write or destructive ones, so broad auto-invocation increases the likelihood of misuse.

VirusTotal

63/63 vendors flagged this skill as clean.