ClawHub

Abstract Ip Geolocation Api

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an email-verification integration, but it is packaged under an IP-geolocation name, which can cause users or agents to connect the wrong service.

Install only if you intend to use Abstract Email Verification, not IP geolocation. Confirm the Membrane connection targets the expected Abstract API service, prefer discovered actions over raw proxy calls, and require explicit user approval before transmitting personal email addresses or using mutating HTTP methods.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest names the skill as an IP geolocation integration, but the description/documentation clearly target the Abstract Email Verification API. This mismatch can cause an agent or user to invoke the wrong external capability, leading to confused-deputy behavior, unintended data handling, and incorrect authorization to a different service than expected.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The title and overview reinforce Email Verification behavior while the skill is named as an IP geolocation API, increasing the likelihood that automation selects or grants access to the wrong integration. In agentic environments, this kind of semantic mismatch is dangerous because tool-routing and user trust often rely on names and summaries rather than deep inspection.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal