Gleap

Security checks across malware telemetry and agentic risk

Overview

This Gleap reporting skill is coherent, but it can expose support data to third-party services and scheduled jobs without enough privacy and control guidance.

Install only if you intend to let an agent use a Gleap service-account token for support analytics. Use least-privilege credentials, avoid raw ticket exports unless necessary, redact customer names, emails, comments, and ticket titles before using LLMs or external tools, verify Slack/Notion destinations, and only enable scheduled reports if you can monitor, rotate, and disable them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium (91% confidence)
The Gleap skill is scoped as a support analytics and ticket-management integration, but this section expands it into outbound transmission to third-party services and local file staging. That creates a real data-governance risk because support ticket titles and analytics may contain sensitive customer or operational information, yet the documentation normalizes exporting them externally without any consent, minimization, or classification warning.

Context-Inappropriate Capability

Medium (83% confidence)
The cron/scheduled automation examples extend the skill from interactive analytics into persistent scheduled execution on the host. In an agent context, this is dangerous because it encourages creation of ongoing jobs that repeatedly access tokens and exfiltrate summaries to external endpoints, increasing blast radius beyond a single user request.

Intent-Code Divergence

Low (95% confidence)
The topic-analysis example sends raw support ticket titles to Anthropic's external API while framing it as a simple analysis pattern. Ticket titles frequently contain customer names, emails, product identifiers, incident details, or other sensitive business context, so transmitting them to an external LLM without warning or redaction is a genuine confidentiality issue.

Vague Triggers

Medium (89% confidence)
The trigger list is extremely broad and includes generic support-reporting and analytics phrases, which can cause this skill to activate for loosely related requests. That increases the chance the agent will route user tasks into a capability that accesses external support systems and sensitive ticket data without sufficiently clear user intent or scope confirmation.

Missing User Warnings

Medium (87% confidence)
The skill explicitly advertises access to ticket data, support metrics, exports, and raw event logs but does not warn that these may contain sensitive customer communications, identifiers, or internal operational data. In practice, this can normalize broad retrieval of support data and lead to over-collection or disclosure beyond what the user intended.

Missing User Warnings

Medium (94% confidence)
The documentation explicitly shows API responses for `/statistics/raw-data` and `/tickets` that include personal data such as customer and agent names and email addresses, but provides no privacy, minimization, retention, or access-control warning. In an agent skill context, this increases the likelihood that integrators will retrieve, process, export, or surface personally identifiable information without adequate safeguards, creating privacy and compliance risk.

Missing User Warnings

Medium (96% confidence)
This example lacks any warning that support ticket titles are customer-derived content and may contain sensitive or regulated data. In the context of a support skill, silent forwarding of that content to an external LLM materially increases privacy, confidentiality, and compliance risk.

Missing User Warnings

Low (88% confidence)
The Notion and Slack integration examples encourage posting support analytics to third-party services without clearly disclosing that operational support data is leaving the original system. Even if the examples use aggregate counts, support metrics, team performance, and escalation data can still be sensitive internal information.

VirusTotal

66/66 vendors flagged this skill as clean.