Oraclenet Mesh

Security checks across malware telemetry and agentic risk

Overview

OracleNet is an instruction-only external routing skill; its main risk is that agents may send sensitive intent text to ToolOracle if users do not redact prompts.

Install only if you trust ToolOracle as an external routing provider. Do not include secrets, private keys, access tokens, wallet seeds, regulated personal data, customer data, or confidential business context in intent text, and require explicit approval before any paid route or wallet-backed x402 call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs agents to POST a free-form natural-language intent string to an external endpoint, but it does not warn that this text may contain sensitive data such as user goals, internal context, identifiers, or regulated information. Because the router is meant to classify arbitrary agent needs, users or upstream agents may overshare secrets or confidential business context, creating an avoidable data disclosure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
