
Security audit

Memberstack CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Memberstack CLI helper with safety controls, though users should handle member data, passwords, and live destructive commands carefully.

Install only if you intend to let an agent help administer a Memberstack account. Use sandbox unless you explicitly need live changes, review destructive commands before confirming, avoid real passwords in command history or shared files, protect member export/import files, and log out of Memberstack CLI when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to execute shell commands and read local reference/script files, but it does not declare permissions for those capabilities. This creates a transparency and policy-enforcement gap: a host system or reviewer may assume the skill is non-executing while it can in fact invoke the shell and access local files.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The plugin description explicitly says to trigger whenever the user mentions broad terms like "memberstack," "membership management," or member data operations, which can cause the skill to activate outside narrowly intended contexts. Over-broad invocation increases the chance an agent routes sensitive account-management requests to this skill unintentionally, potentially exposing member data or enabling unintended administrative actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger text is broad enough to activate on generic mentions of Memberstack, membership management, or member data operations, which can cause unintended invocation in contexts where the user did not ask to run this CLI skill. Unnecessary activation increases the chance of exposing local execution and authenticated account operations in the wrong context, including destructive production actions if later prompted.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation shows `--password` values directly on the command line, which commonly exposes credentials through shell history, process listings, terminal logging, and shared screenshots or transcripts. In a CLI skill focused on account management, this is especially risky because it normalizes unsafe secret-handling practices for real user credentials.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The delete command is documented without any warning about irreversibility or confirmation safeguards, which increases the chance of accidental destructive actions against live member accounts. In a membership-management CLI, this context makes the omission more dangerous because operators may run commands against production data directly from copied examples.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The export command writes member data to local files without warning that the output may contain sensitive personal and account-related information. This can lead to insecure storage, accidental commits, broad filesystem exposure, or transfer of unencrypted backups, which is particularly relevant in a tool designed to bulk-manage member data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The import documentation states that input files include required `password` fields but does not warn that these files therefore contain highly sensitive credentials and personal data. This creates risk of unsafe file handling, reuse of real passwords in examples, accidental repository inclusion, and long-lived plaintext credential archives.

VirusTotal

55/55 vendors flagged this skill as clean.
