Clicksend Sms

Security checks across malware telemetry and agentic risk

Overview

This is a real ClickSend messaging integration, but it gives an agent broad authenticated authority to send, cancel, delete, and proxy API requests without clear confirmation safeguards.

Install only if you trust Membrane and ClickSend with the relevant messaging account. Use a least-privileged or dedicated ClickSend connection where possible, verify the CLI package/version before global install, and require explicit user confirmation before sending messages, deleting or updating templates, canceling scheduled messages, or using the raw API proxy.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding:
The documentation materially broadens the advertised capability from SMS/MMS/contact lists to additional channels like email, voice, and direct mail. That scope expansion can cause an agent or operator to use the skill for actions outside the declared trust boundary, increasing the chance of unexpected external operations and policy bypass.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding:
Listing voice-message support in the overview creates a mismatch between what the skill declares and what users or agents may believe it is authorized to do. In an agent setting, this can lead to unintended invocation for telephony-related actions that carry cost, compliance, and user-impact risks.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The proxy request section enables effectively arbitrary authenticated API access through Membrane, bypassing the narrower set of documented actions. This significantly enlarges the operational surface area and may permit destructive, sensitive, or non-reviewed API calls beyond the skill's stated purpose.

Vague Triggers

Medium
Confidence: 84%
Finding:
The invocation description is broad enough that the skill could be selected for vague requests involving ClickSend data, even when the user's intent is ambiguous. Over-broad triggering increases the chance of the agent accessing messaging functionality or operational data without sufficiently specific user authorization.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explains how to send SMS and perform direct API requests but does not require confirmation or warn about real-world effects such as charges, outbound communications, and potentially irreversible actions. In an autonomous or semi-autonomous agent workflow, this omission raises the risk of unauthorized or accidental external actions affecting third parties.

VirusTotal

63/63 vendors flagged this skill as clean.