Omem

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it gives agents broad access to sensitive local work memory with an overbroad default-to-search trigger.

Review before installing if your OMem index includes confidential company, client, HR, legal, financial, or personal material. The skill is read-oriented and explicitly avoids setup or mutation commands, but it encourages agents to search private work memory on broad or implicit work-related prompts. Install only if you are comfortable with that default, and prefer using it with explicit prompts such as 'search my OMem for...' when sensitive data may be involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High; 94% confidence

The skill directs the agent to use OMem whenever a question touches work context 'even implicitly' and to query first when in doubt. Because OMem spans highly sensitive local sources like email, calendars, documents, and notes, this broad trigger can cause unnecessary access to private data for borderline or ambiguous prompts, violating data minimization and increasing the chance of oversharing.

Vague Triggers

Medium; 88% confidence

The secondary guidance repeats broad activation rules such as triggering on many loosely defined work-related categories and 'when in doubt, call it.' This reinforces a default-to-search behavior that can expand retrieval beyond necessity, causing the agent to inspect sensitive workplace memory stores without sufficient user confirmation.

Missing User Warnings

High; 97% confidence

The description emphasizes broad access to locally indexed emails, calendars, documents, and collaboration notes but does not prominently warn that these sources may contain confidential or sensitive information. Without a clear privacy notice and consent-oriented usage guidance, the skill encourages agents to search a large corpus of private work artifacts without adequately signaling the sensitivity of that action.

Missing User Warnings

Medium; 92% confidence

The documentation explicitly instructs agents to retrieve absolute source file paths and parsed content derived from local files, emails, calendars, and collaboration data. In this skill’s context, that materially increases the chance of exposing sensitive local-path metadata and full parsed document contents to the model or downstream responses without an explicit user-consent, minimization, or warning boundary.

VirusTotal

64/64 vendors flagged this skill as clean.
