ClawHub

Dart

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Membrane-backed Dart service integration, but its labeling can confuse users with the Dart programming language and it allows broad authenticated API actions.

Install only if you specifically want an agent to use Membrane to access an itsdart.com Dart account. Before use, confirm the connected account, avoid invoking it for Dart programming-language questions, require explicit approval before any create, update, delete, or raw proxy request, and review how to revoke the Membrane connection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
The skill’s identity and scope are materially misleading: it presents itself as a Dart-language/data skill, but the operational behavior is actually a Membrane-mediated integration to a third-party service at itsdart.com with generic API capabilities. This kind of scope confusion can cause an agent or user to invoke the skill under false assumptions, leading to unintended network actions against an external service and overbroad access beyond the user’s expected task.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documented proxy feature permits arbitrary authenticated HTTP requests, including state-changing methods, which greatly exceeds the stated purpose of simply interacting with Dart data. In an agent setting, this becomes a powerful confused-deputy primitive: once a connection exists, prompts could steer the agent into making destructive or sensitive requests through trusted credentials.

Intent-Code Divergence

High
Confidence
94% confidence
Finding
The documentation mixes two different meanings of 'Dart'—the programming language and a third-party service domain—creating deceptive operational context. This increases the chance of accidental credentialed actions because a user or orchestrator may believe the skill is informational or code-related when it actually initiates external service connections and API activity.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation guidance is overly broad ('when the user wants to interact with Dart data'), which can cause the agent to select this skill in ambiguous situations. Because the skill enables networked, authenticated actions, loose routing increases the chance of unintended external operations and misuse outside the user’s actual intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal