The skill can exfiltrate local files and enable remote browser control by connecting to an attacker-controlled server.
Claims to do
Oracle (CLI) — best use: Oracle bundles your prompt + selected files into one “one-shot” request so another model can answer with real repo context (API or browser automation). Treat outputs as advisory: verify against the codebase + tests.
Actually does
This skill executes the `@steipete/oracle` CLI tool via `npx`. It accesses local files and directories specified by the user, respecting `.gitignore` and size limits, and bundles them with a user-provided prompt. This bundle is then sent to an AI model either through an API (requiring `OPENAI_API_KEY`) or via browser automation (e.g., ChatGPT), potentially contacting a remote host if configured.
Install: `openclaw skills install steipete/oracle`

The skill describes setting up a remote host (`oracle serve`) and connecting a client to it. Because the client sends the prompt and the bundled local files to whatever `--remote-host` it is given, a client pointed at an attacker-controlled server exfiltrates those files, and a `serve` endpoint reachable from the network lets whoever holds (or guesses) the token drive the browser automation remotely.
Host: `oracle serve --host 0.0.0.0 --port 9473 --token <secret>`
Client: `oracle --engine browser --remote-host <host:port> --remote-token <secret>`

Note that `--host 0.0.0.0` binds every interface, so the port is reachable from any machine that can route to it; bind to `127.0.0.1` unless remote clients are genuinely required, and treat the token as the only control between the network and the browser session.
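The two command lines above carry the settings that matter. The following Python script, added here as an example and not part of the Mondoo page or the @steipete/oracle project, audits captured oracle invocations (for instance from a shell history file or a process-argument log) for the risky combinations: `serve` bound to a non-loopback address or started without `--token`, and a client whose `--remote-host` is not on an operator allowlist. The allowlist, the 16-character token minimum and the sample command lines are constructed assumptions for the example; only the flags the page itself shows are interpreted, and no default bind address is assumed for the tool.

```python
"""Audit oracle CLI invocations for settings that expose local files or the browser session.

Added example; it is not code from the Mondoo page or from the @steipete/oracle project.
"""
import ipaddress
import shlex

# Site policy for this example (assumptions, not settings the tool enforces).
ALLOWED_REMOTE_HOSTS = {"127.0.0.1", "localhost", "oracle.internal.example"}
MIN_TOKEN_LEN = 16

# Constructed sample input, as it might be pulled from shell history or a process audit log.
SAMPLE_COMMANDS = [
    "oracle serve --host 0.0.0.0 --port 9473 --token correct-horse-battery-staple",
    "oracle serve --host 127.0.0.1 --port 9473 --token correct-horse-battery-staple",
    "oracle serve --port 9473",
    "npx -y @steipete/oracle --engine browser --remote-host 203.0.113.7:9473 --remote-token abc",
    "oracle --engine browser --remote-host oracle.internal.example:9473 --remote-token correct-horse-battery-staple",
    "oracle --engine api",
]


def _flag_value(args, name):
    """Value of `--name value` or `--name=value`, else None."""
    for i, arg in enumerate(args):
        if arg == name and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
    return None


def _is_loopback(host):
    """True for localhost and loopback IPs; 0.0.0.0 and :: (all interfaces) are not loopback."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def _host_part(hostport):
    """'203.0.113.7:9473' -> '203.0.113.7'; '[::1]:9473' -> '::1'; bare hosts pass through."""
    host, sep, _port = hostport.rpartition(":")
    if not sep:
        host = hostport
    return host.strip("[]")


def _check_token(findings, args, flag):
    """Flag a missing token, a placeholder, or one below the policy minimum length."""
    token = _flag_value(args, flag)
    if token is None:
        findings.append(f"{flag} missing: endpoint is unauthenticated")
    elif token == "<secret>" or len(token) < MIN_TOKEN_LEN:
        findings.append(f"{flag} is a placeholder or shorter than {MIN_TOKEN_LEN} chars")


def audit_command(cmdline):
    """Return findings (strings) for one oracle invocation; [] means clean or not oracle."""
    args = shlex.split(cmdline)
    # Accept both `oracle ...` and the `npx -y @steipete/oracle ...` form.
    if args[:1] == ["oracle"]:
        args = args[1:]
    elif args[:1] == ["npx"] and "@steipete/oracle" in args[:3]:
        args = args[args.index("@steipete/oracle") + 1:]
    else:
        return []

    findings = []
    if args[:1] == ["serve"]:
        host = _flag_value(args, "--host")
        if host is None:
            findings.append("serve without --host: confirm the default bind address is loopback")
        elif not _is_loopback(host):
            findings.append(f"serve bound to {host}: the port is reachable from other machines")
        _check_token(findings, args, "--token")
    else:
        remote = _flag_value(args, "--remote-host")
        if remote is not None:
            host = _host_part(remote)
            if host not in ALLOWED_REMOTE_HOSTS:
                findings.append(f"prompt and selected files would be sent to unapproved host {host}")
            _check_token(findings, args, "--remote-token")
    return findings


def audit_commands(cmdlines):
    """Map each risky command line to its findings; clean lines are omitted."""
    report = {}
    for cmd in cmdlines:
        findings = audit_command(cmd)
        if findings:
            report[cmd] = findings
    return report


if __name__ == "__main__":
    for cmd, findings in audit_commands(SAMPLE_COMMANDS).items():
        print(cmd)
        for f in findings:
            print("  -", f)
```

On a real host, replace `SAMPLE_COMMANDS` with the lines of the shell history or the command-line column of a process audit log; the allowlist is deliberately strict so that any `--remote-host` an operator has not explicitly approved is reported rather than silently accepted.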
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/clawhub/steipete/oracle

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.