Cloudfill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real CloudFill/Membrane integration, but it gives agents broad authenticated API and connector authority without enough scoping or confirmation guidance.

Review before installing, especially for business or sensitive CloudFill accounts. Use the Membrane connection only for CloudFill tasks you explicitly request, prefer listed actions over raw proxy requests, and require clear confirmation before POST, PUT, PATCH, DELETE, sharing, bulk export, or connector creation outside the expected CloudFill domain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is scoped and branded as a CloudFill integration, but the documented `membrane connection ensure` flow can create connectors for arbitrary apps based on any URL or domain. That creates a scope-expansion risk where an agent invoked for CloudFill tasks could be steered into connecting to unrelated third-party services, increasing the chance of unintended data access or exfiltration outside the user's expected trust boundary.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The documentation is internally inconsistent: it describes CloudFill as a generic cloud storage service, while the listed actions and API behavior are for PDF templates and form submissions. This mismatch can cause agents or users to misunderstand what data and operations are in scope, leading to incorrect or over-privileged actions against the wrong service or dataset.

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation description is broad enough to match many generic 'data' or 'workflow' requests, which can cause the skill to activate outside a narrowly intended CloudFill context. Overbroad routing increases the chance an agent will use this skill for unrelated tasks and then leverage its generic connection and proxy capabilities in unsafe ways.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs agents to use a raw proxy request capability that supports arbitrary paths, methods, headers, query parameters, and bodies, but it does not require confirmation for mutating operations or warn about sensitive data transmission. In a skill already containing scope ambiguity, this creates a direct path to unauthorized reads, writes, deletions, or bulk data transfer through the authenticated connection.

VirusTotal

61/61 vendors flagged this skill as clean.
