Osori

Security checks across malware telemetry and agentic risk

Overview

Osori is a local project registry tool whose disclosed behavior includes reading project metadata, writing its own registry/cache, and optionally querying GitHub as part of its stated workflow.

Install only if you want an agent to maintain a local project registry, inspect git metadata, and optionally query GitHub through gh. Prefer explicit slash commands for add/remove/scan/switch operations over natural-language triggers, review the configured discovery roots and OSORI_SEARCH_PATHS before the first scan, and be aware that fetching GitHub PR/issue counts discloses repository identifiers and request timing to GitHub.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The switch handler performs outbound GitHub lookups for issue and PR counts during a local project-selection workflow, which expands the skill's trust boundary and can leak repository metadata or user activity timing to an external service. In a local registry/context loader, this behavior is surprising and increases privacy, availability, and policy risk, especially if `repo` can be influenced by registry or remote configuration.
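The finding above turns on two things: whether the `repo` value a switch operates on can be steered by the registry, and whether the network call happens at all during a local operation. The following is an added example (not Osori's code, and not SkillSpector's) of how a hardened switch handler could gate that lookup: no GitHub request unless explicitly requested, the registry `repo` value must be a strict owner/name slug, it must match the origin remote of the local checkout, and gh is invoked with an argv list rather than a shell string. The registry layout, the `.git/config` text, the project names, and the exact gh flags are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass, field

# Strict GitHub owner/name slug: starts alphanumeric, no whitespace, so a registry
# value cannot carry extra gh flags or a different host.
REPO_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]{1,100}$")

# Origin URL forms we accept as "this checkout lives on github.com".
GITHUB_URL_RE = re.compile(
    r"^(?:https://github\.com/|git@github\.com:)([^/\s]+/[^/\s]+?)(?:\.git)?/?$")

# Constructed sample registry (hypothetical shape, not Osori's on-disk format).
SAMPLE_REGISTRY = {
    "app": {"path": "/home/alice/src/app", "repo": "octo/app"},
    # Entry that tries to smuggle an extra gh flag through `repo`.
    "tainted": {"path": "/home/alice/src/tainted",
                "repo": "octo/app --hostname ghe.attacker.example"},
    # Entry that points the lookup at a repository the local checkout does not use.
    "redirected": {"path": "/home/alice/src/redirected", "repo": "octo/other"},
}

# Constructed .git/config for the `app` checkout.
SAMPLE_GIT_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = git@github.com:octo/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""


def repo_from_git_config(config_text):
    """Return owner/name of the origin remote if it points at github.com, else None."""
    in_origin = False
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_origin = (s == '[remote "origin"]')
            continue
        if in_origin and s.startswith("url"):
            url = s.split("=", 1)[1].strip()
            m = GITHUB_URL_RE.match(url)
            return m.group(1) if m else None
    return None


@dataclass
class SwitchPlan:
    project: str
    path: str
    gh_commands: list = field(default_factory=list)  # argv lists; empty means no network
    notes: list = field(default_factory=list)


def plan_switch(registry, name, allow_github=False, git_config_text=None):
    """Plan a project switch. GitHub lookups are planned only when explicitly
    requested, for a repo that passes validation and matches the local checkout."""
    entry = registry[name]
    plan = SwitchPlan(project=name, path=entry["path"])
    if not allow_github:
        plan.notes.append("github lookups skipped: not requested")
        return plan
    repo = entry.get("repo")
    if not repo or not REPO_RE.fullmatch(repo):
        plan.notes.append(f"github lookups skipped: registry repo value rejected: {repo!r}")
        return plan
    local = repo_from_git_config(git_config_text or "")
    if local != repo:
        plan.notes.append(
            f"github lookups skipped: registry repo {repo!r} does not match origin {local!r}")
        return plan
    # argv lists, never a shell string, so the value cannot inject flags or commands
    plan.gh_commands = [
        ["gh", "issue", "list", "--repo", repo, "--state", "open", "--json", "number"],
        ["gh", "pr", "list", "--repo", repo, "--state", "open", "--json", "number"],
    ]
    plan.notes.append(f"2 github requests planned for {repo}")
    return plan


if __name__ == "__main__":
    for project in SAMPLE_REGISTRY:
        p = plan_switch(SAMPLE_REGISTRY, project, allow_github=True,
                        git_config_text=SAMPLE_GIT_CONFIG)
        print(project, p.gh_commands, p.notes)
```

Run as a script, only the `app` entry yields gh commands; `tainted` fails the slug check and `redirected` fails the origin cross-check, and with `allow_github` left at its default no entry produces any network call at all, which is the behavior a local context loader should have by default.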

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The auto-trigger phrase `work on X` is extremely broad and likely to appear in normal conversation unrelated to this skill. Because this skill can switch project context, run git/gh commands, scan paths, and load repository context, unintended activation could expose local project metadata or cause side effects in the wrong project context.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The auto-trigger phrase `add project` is generic and can easily match ordinary discussion, causing the skill to activate unexpectedly. In this skill's context, activation may lead to file writes to the registry, path handling, scanning directories, and persistent changes to local state, so accidental triggering has meaningful integrity and privacy impact.
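Both Vague Triggers findings come down to the same thing: a phrase like `work on X` or `add project` fires on ordinary conversation, and whatever follows the phrase becomes the argument the skill acts on. The following added example (not Osori's trigger logic, and not SkillSpector's detector) runs a loose phrase matcher and an explicit slash-command matcher over a constructed conversation so the difference in activation count is visible. The `/osori` prefix and the add/remove/scan/switch verb set are assumptions based on the operations named in the overview; the sample messages are constructed.

```python
import re

# Loose natural-language triggers of the kind the two findings describe.
LOOSE_TRIGGERS = [
    ("switch", re.compile(r"\bwork on (\S+)", re.IGNORECASE)),
    ("add", re.compile(r"\badd project\b", re.IGNORECASE)),
]

# Explicit slash command; the `/osori` prefix and verbs are assumptions for this example.
STRICT_TRIGGER = re.compile(
    r"^/osori\s+(add|remove|scan|switch)\b(?:\s+(\S+))?", re.IGNORECASE)


def loose_match(message):
    """Return (operation, argument) for the first loose trigger that fires, else None.
    The argument is whatever token followed the phrase, wherever it appeared."""
    for op, pattern in LOOSE_TRIGGERS:
        m = pattern.search(message)
        if m:
            return (op, m.group(1) if m.groups() else None)
    return None


def strict_match(message):
    """Return (operation, argument) only when the whole message is a slash command."""
    m = STRICT_TRIGGER.match(message.strip())
    if not m:
        return None
    return (m.group(1).lower(), m.group(2))


# Constructed sample conversation; only the last two lines are requests for the skill.
SAMPLE_MESSAGES = [
    "I need to work on my resume tonight, any tips?",
    "Can you add project milestones to the slide deck?",
    "Let's work on performance; the add project button is slow to render.",
    "work on app",
    "/osori switch app",
    "/osori add ~/src/newthing",
]


def evaluate(messages):
    """Collect the activations each trigger style would produce over the conversation."""
    loose = [(msg, loose_match(msg)) for msg in messages if loose_match(msg)]
    strict = [(msg, strict_match(msg)) for msg in messages if strict_match(msg)]
    return {"loose": loose, "strict": strict}


if __name__ == "__main__":
    result = evaluate(SAMPLE_MESSAGES)
    for style in ("loose", "strict"):
        print(f"{style}: {len(result[style])} activation(s)")
        for msg, hit in result[style]:
            print(f"  {hit!r:<32} <- {msg}")
```

On the sample conversation the loose matcher fires four times, three of them on messages about a resume, a slide deck and a UI button, and it would hand the skill arguments such as `my` and `performance;` as the project to switch to; the slash-command matcher fires only on the two explicit commands. For a skill that writes a registry, scans directories and runs git/gh, the argument captured from an unrelated sentence is the part that turns a false positive into a side effect.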

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal