Dext

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Dext integration, but it gives broad authenticated access to sensitive business data without clear safeguards for raw write or delete requests.

Install only if you trust Membrane and intend to let an agent access Dext data. Use a least-privileged Dext account where possible, verify the tenant and connection, and require the agent to show the exact endpoint, method, payload, and expected effect before any raw proxy, write, delete, or user-management action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding:
The skill’s declared purpose is narrowly framed around managing Organizations, Users, Goals, and Filters, but the body documents much broader access to Dext data and generic Membrane capabilities, including client/account/contact/conversation access and direct API proxying. This mismatch can cause overbroad use by an agent or user, increasing the chance of unauthorized or unintended data access beyond the advertised scope.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The proxy-request section explicitly enables arbitrary HTTP requests to Dext endpoints through an authenticated connection, which bypasses the narrower action-based interface and allows substantially broader capability than the stated skill purpose. In practice, this can expose sensitive accounting or client data, or permit unintended modification operations, if an agent uses the proxy too freely or under prompt-influenced instructions.

Vague Triggers

Medium
Confidence: 84%
Finding:
The invocation description, 'Use when the user wants to interact with Dext data,' is overly broad and can cause the skill to activate for vague or generic requests. That increases the chance an agent selects this skill in contexts where the user did not intend broad access to financial or client-related data, leading to unnecessary exposure or actions.

VirusTotal

63/63 vendors flagged this skill as clean.
