Cdr Platform

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill connects an agent to an external CDR service, but the artifact mixes unrelated CDR meanings and allows purchases or broad authenticated API changes without clear guardrails.

Review before installing. Only use this if you can verify the exact CDR tenant and Membrane connection being used. Use a least-privilege account, avoid purchase actions unless explicitly intended, and require confirmation before any POST, PUT, PATCH, DELETE, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill claims to be a CDR Platform integration, but the content is largely generic Membrane CLI guidance and even includes a fallback statement admitting limited app-specific knowledge. This mismatch can cause an agent to invoke the skill in inappropriate contexts and operate on the wrong service or with incorrect assumptions, increasing the chance of unintended external actions.

Intent-Code Divergence

High
Confidence: 98%
Finding
The listed 'popular actions' refer to carbon dioxide removal purchases and certificates, which contradict the stated FFIEC CDR Platform context. This is dangerous because it strongly suggests the skill may route users toward unrelated operations, causing mis-execution, data mishandling, or unintended purchases in a different system.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents raw proxy requests with support for POST, PUT, PATCH, and DELETE but provides no guardrails, approval requirements, or warnings about destructive effects. In an agent setting, this increases the risk of silent data modification or deletion against an external system based on ambiguous prompts or incorrect endpoint usage.

VirusTotal

63/63 vendors flagged this skill as clean.