Agiled

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Agiled integration, but it gives an agent broad authenticated access to business records without clear safeguards for write or delete operations.

Install only if you trust Membrane and intend to let an agent access the connected Agiled account. Use the least-privileged Agiled account available, prefer listed read-only actions, and require explicit approval with the exact endpoint, method, target record, and payload before creating invoices, changing records, deleting data, or using proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The manifest description materially understates the skill's actual capabilities. While presented as managing a narrow set of Agiled objects, the body of the skill enables access to many more resources and even arbitrary API operations, which can cause agents or users to invoke broader functionality than expected and weaken least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The proxy-request feature allows arbitrary requests to Agiled API endpoints, which significantly broadens the skill beyond curated actions. This creates a powerful escape hatch that can be used to access sensitive data or perform unexpected operations, especially when an agent relies on the skill's higher-level description rather than fully auditing the raw-request capability.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly supports POST, PUT, PATCH, and DELETE through direct API requests but does not warn that these can create, modify, or delete business data. In an agent setting, that omission increases the chance of accidental destructive actions because operators may treat the examples as routine rather than high-risk.

VirusTotal

65/65 vendors flagged this skill as clean.