FlashRev AI Enrich

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but its customer_api feature can make arbitrary local HTTP requests with mapped lead data and lacks clear safety limits.

Install only if you trust the FlashRev workflow and will keep customer_api tightly controlled. Before using customer_api, confirm the exact destination domain, avoid localhost/private-network/metadata URLs, do not pass secrets in headers or bodies unless intended, and review which CSV columns will be sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 82%
Finding
The skill summary minimizes network exposure by saying the CLI never calls external providers directly except `customer_api`, but `customer_api` is later described as fetching arbitrary user-provided URLs locally. In an agent setting, this materially expands the trust boundary: the tool can send row data, headers, bodies, or params to arbitrary third-party endpoints, enabling unintended data disclosure or SSRF-like access if the agent is induced to call sensitive URLs.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The contract explicitly defines a `customer_api` capability where the CLI fetches a user-provided URL locally. That creates a direct network egress surface from the agent host, which can be abused for SSRF, access to internal-only services, cloud metadata endpoints, or other unintended network interactions if untrusted input can influence the URL. In this skill context, the danger is elevated because the tool is designed for agents to automate enrichment workflows over user-supplied data, making it plausible that URLs could be passed through without sufficient scrutiny.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
`customer_api` allows arbitrary outbound requests with controllable URL, method, headers, body, and params, yet the skill does not clearly warn that mapped CSV fields or inline inputs may be transmitted to third-party services. In an agent workflow, this can cause accidental exfiltration of personal, proprietary, or credential-bearing data, and may also be abused to probe internal services if destination controls are absent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation states that the CLI will fetch a user-provided URL locally but does not warn about the security implications of doing so. In an agent-facing skill, missing documentation is security-relevant because operators may assume the tool only talks to the FlashRev backend, when in fact this feature can trigger arbitrary outbound requests from the local environment. That misunderstanding increases the likelihood of unsafe use and makes SSRF-style abuse or accidental access to sensitive internal resources more likely.

VirusTotal

64/64 vendors flagged this skill as clean.