Dailybot

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking DailyBot integration, but it gives an agent broad authenticated power to change organization data and contact people without clear safeguards.

Install only if you trust Membrane and intend to let an agent operate on your DailyBot workspace. Use a least-privilege DailyBot account, review any update/delete/invite/message/email/webhook/proxy request before it runs, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest describes the skill narrowly as managing DailyBot users, roles, goals, and organizations, but the body exposes significantly broader capabilities including messaging, email, reminders, webhooks, invitations, and arbitrary API proxying. This mismatch can cause the skill to be selected or trusted under false assumptions, increasing the chance that broader-impact actions are invoked without appropriate scrutiny.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The proxy-request section allows arbitrary authenticated requests to the DailyBot API, which is materially broader than the stated purpose of managing DailyBot data through curated actions. This bypasses the safety and scope constraints of predefined actions and can enable access to undocumented endpoints, bulk data extraction, configuration changes, or other sensitive operations using the user's authenticated connection.

Vague Triggers

Medium
Confidence: 77%
Finding
The invocation description is broad enough to match many generic DailyBot-related requests without clear boundaries on read-only versus write, admin, or messaging behavior. Over-broad routing increases the likelihood that the skill is invoked in contexts where its more sensitive capabilities, such as sending messages or changing organization resources, are not expected.

VirusTotal

64/64 vendors flagged this skill as clean.
