ClawHub

Crove

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Crove integration, but its documented scope is broader and less clearly controlled than its stated purpose suggests.

Install only if you intend to grant the agent broad authenticated access to your Crove account, including document changes and invitations. Review prompts carefully, prefer explicit user confirmation before any write or email action, and avoid using the generic proxy for sensitive or destructive endpoints unless you know exactly what request will be sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description says the skill manages Organizations, Users, Goals, and Filters, but the body documents Crove document, template, workspace, invitation, and proxy capabilities instead. This mismatch can cause the agent or user to misunderstand what the skill can access and do, leading to overbroad invocation and unintended actions against Crove resources.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly authorizes proxying requests to arbitrary Crove API endpoints, which is significantly broader than the stated management scope. That enables unreviewed read/write operations outside the documented action set, increasing the chance of data exfiltration, destructive changes, or use of sensitive endpoints without clear user awareness.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough that the skill may be selected for generic Crove-related tasks without clear operational boundaries. In practice, that increases the likelihood the agent uses powerful actions or proxy access in situations where a narrower, read-only, or more specific skill should have been chosen.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises side-effecting operations such as creating documents, updating them, completing them, and sending email invitations, but it does not require explicit user confirmation or warning before external actions occur. This creates a risk of unintended changes or outbound communications being triggered by ambiguous prompts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal