Dandelion

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dandelion/Membrane text analytics skill, but users should understand that text and API requests may be sent to external services.

Install only if you trust Membrane and Dandelion with the text you ask the agent to analyze. Connect only the intended account, prefer listed actions over raw proxy requests, and require confirmation before any POST, PUT, PATCH, or DELETE request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The manifest/metadata says the skill is for managing organizations, but the body documents Dandelion text-analytics operations plus generic API access. This mismatch can cause an agent or user to invoke the skill under false assumptions, leading to unintended external requests and transmission of user data to a third-party service outside the advertised scope.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The documentation presents a different operational scope than the skill description, creating deceptive or confusing behavior boundaries. In security-sensitive agent environments, capability ambiguity increases the chance of overbroad invocation and accidental disclosure of user text or data to external services.

Vague Triggers

Medium
Confidence: 82%
Finding
The activation phrase 'Use when the user wants to interact with Dandelion data' is broad enough to trigger the skill in many loosely related situations. Overbroad routing can cause the agent to select this network-enabled integration unnecessarily, increasing the risk of sending user content to an external provider without a clearly scoped need.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents direct proxy/API requests but does not warn that user-provided text, documents, or metadata may be transmitted to Dandelion through Membrane. This omission can lead to privacy violations or compliance issues when sensitive content is processed by a third-party service without clear notice or consent.

VirusTotal

65/65 vendors flagged this skill as clean.
