Amazon Polly

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Amazon Polly/Membrane integration, but it deserves review because it grants broad authenticated API access beyond the narrow Polly actions listed.

Install only if you intend to connect Amazon Polly through Membrane and trust Membrane with delegated access. Use least-privilege AWS permissions, avoid sending sensitive text unless that data flow is acceptable, and require explicit approval before direct proxy calls, especially POST, PUT, PATCH, DELETE, or anything that may incur AWS costs.
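The guidance above (least-privilege AWS permissions, explicit approval before mutating or cost-incurring proxy calls) can be enforced in front of the proxy rather than left to the agent. The following is an added example, not Membrane's or AWS's own code: a Polly-only IAM policy embedded as a dict, and an approval gate that maps every proxied request to the IAM action it exercises, rejects anything not in the policy, and refuses to auto-approve POST/PUT/PATCH/DELETE or per-character-billed synthesis. `ProxyRequest`, `Decision` and `evaluate()` are illustrative names, and the route table is constructed from the Polly REST API paths and should be checked against the current reference.

```python
"""Approval gate for agent-issued proxy calls to Amazon Polly.

Added example, not Membrane's or AWS's own code. ProxyRequest, Decision and
evaluate() are illustrative names; the route table is constructed from the
Polly REST API paths and should be checked against the current reference.
"""
from dataclasses import dataclass
from typing import Optional
import re

# Least-privilege IAM policy for a Polly-only integration (constructed example):
# only the actions the skill needs, and nothing that reaches other services.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["polly:DescribeVoices", "polly:SynthesizeSpeech"],
            "Resource": "*",
        }
    ],
}

# Methods that can change state; never auto-approved.
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Actions billed per character; never auto-approved even when they look harmless.
COSTLY_ACTIONS = {"polly:SynthesizeSpeech", "polly:StartSpeechSynthesisTask"}
# Only Polly regional endpoints may be reached through the proxy.
POLLY_HOST = re.compile(r"^polly\.[a-z0-9-]+\.amazonaws\.com$")

# (method, path pattern, IAM action): every proxied call is mapped to a
# permission before it is forwarded. Unknown routes are rejected, which is what
# closes the "arbitrary proxied HTTP request" gap described in the findings.
ROUTES = [
    ("GET", re.compile(r"^/v1/voices$"), "polly:DescribeVoices"),
    ("POST", re.compile(r"^/v1/speech$"), "polly:SynthesizeSpeech"),
    ("GET", re.compile(r"^/v1/lexicons$"), "polly:ListLexicons"),
    ("PUT", re.compile(r"^/v1/lexicons/[^/]+$"), "polly:PutLexicon"),
    ("DELETE", re.compile(r"^/v1/lexicons/[^/]+$"), "polly:DeleteLexicon"),
    ("POST", re.compile(r"^/v1/synthesisTasks$"), "polly:StartSpeechSynthesisTask"),
]


@dataclass
class ProxyRequest:
    method: str
    host: str
    path: str
    approved_by: Optional[str] = None  # identity of the human who approved this call


@dataclass
class Decision:
    allow: bool
    reason: str


def allowed_actions(policy: dict) -> set:
    """Collect the Allow-ed actions from a policy document."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt["Action"]
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def route_action(method: str, path: str) -> Optional[str]:
    """Map a proxied request to the IAM action it exercises, or None if unknown."""
    for m, pattern, action in ROUTES:
        if m == method and pattern.match(path):
            return action
    return None


def evaluate(req: ProxyRequest, policy: dict = LEAST_PRIVILEGE_POLICY) -> Decision:
    """Decide whether the proxy may forward this request right now."""
    method = req.method.upper()
    if not POLLY_HOST.match(req.host):
        return Decision(False, f"host {req.host} is not a Polly endpoint")
    action = route_action(method, req.path)
    if action is None:
        return Decision(False, f"{method} {req.path} is not a known Polly operation")
    if action not in allowed_actions(policy):
        return Decision(False, f"{action} is outside the least-privilege policy")
    if (method in MUTATING_METHODS or action in COSTLY_ACTIONS) and req.approved_by is None:
        return Decision(False, f"{action} needs explicit approval before it is proxied")
    who = req.approved_by or "auto (read-only, no cost)"
    return Decision(True, f"{action} allowed, approved by {who}")


if __name__ == "__main__":
    host = "polly.us-east-1.amazonaws.com"
    for req in [
        ProxyRequest("GET", host, "/v1/voices"),
        ProxyRequest("POST", host, "/v1/speech"),
        ProxyRequest("POST", host, "/v1/speech", approved_by="alice"),
        ProxyRequest("DELETE", host, "/v1/lexicons/brand", approved_by="alice"),
        ProxyRequest("GET", "iam.amazonaws.com", "/"),
    ]:
        d = evaluate(req)
        print(f"{'ALLOW' if d.allow else 'DENY '} {req.method} {req.host}{req.path}: {d.reason}")
```

The ordering matters: the host and route checks run before the policy check, so a request to another AWS service or to an unmapped Polly path is refused even if a human has "approved" it, and approval only ever widens access within the actions the policy already grants.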

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill documentation explicitly enables arbitrary proxied HTTP requests with multiple methods, which materially expands capability beyond narrowly scoped Polly operations. In an agent setting, this creates a confused-deputy risk where the skill can be used to access or modify broader AWS-connected functionality than the manifest suggests, reducing least-privilege transparency for users and orchestrators.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill exposes generic action discovery and execution primitives rather than only Polly-specific operations. This broadens the operational surface and may let an agent discover and invoke capabilities not obvious from the skill name, making misuse or overreach more likely in automated workflows.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description is overly broad ('manage data, records, and automate workflows'), which can cause the skill to be selected for generic data-management tasks unrelated to Amazon Polly. In agentic systems, broad routing language increases the chance of inappropriate invocation and unintended access to external actions.

VirusTotal

65/65 vendors reported this skill as clean (0 detections).
