Baserow

Security checks across malware telemetry and agentic risk

Overview

This is a sensitive but coherent Baserow integration that can read, change, delete, and upload data through Maton's proxy as documented.

Install only if you trust Maton to proxy Baserow requests and manage the connected Baserow credential. Use a least-privileged Baserow token, keep MATON_API_KEY secret, specify the intended connection when relevant, and approve writes, deletes, batch operations, and file uploads only after checking the exact target and effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The declared scope omits file upload support even though the skill documents both direct file upload and upload-via-URL operations. Hidden write/exfiltration-capable features reduce transparency and can cause users or higher-level agents to approve use of a skill without understanding that it can move file content to third-party services.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The declared scope omits file upload support even though the skill documents both direct file upload and upload-via-URL operations. Hidden write/exfiltration-capable features reduce transparency and can cause users or higher-level agents to approve use of a skill without understanding that it can move file content to third-party services.

Intent-Code Divergence

Low
Confidence: 74%
Finding
The documentation states that write operations require explicit user approval, but the examples normalize direct create/update/delete usage without embedding any confirmation workflow. In agent settings, this inconsistency can lead implementers to skip approval checks and perform destructive actions on user data.

VirusTotal

63/63 vendors flagged this skill as clean.
