Docraptor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DocRaptor document-generation integration, but users should be careful with its broad authenticated proxy option.

Install only if you trust Membrane and DocRaptor with the document HTML, URLs, request bodies, and metadata you send. Prefer the listed Membrane actions over raw proxy requests, review any create/download/expire operation before it runs, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)

Finding
The manifest advertises broad capabilities like managing data, records, and workflows, but the documented implementation is mainly for document generation plus a generic API proxy. This mismatch can cause the skill to be invoked in contexts broader than intended, increasing the chance an agent uses powerful networked functionality without clear scope boundaries.

Context-Inappropriate Capability

Medium (96% confidence)

Finding
The skill explicitly exposes a raw proxy request primitive that allows direct calls to DocRaptor API endpoints beyond the curated action set. Generic proxy surfaces are dangerous because they bypass least-privilege design, make behavior harder to audit, and can enable unintended operations or abuse if the agent is prompted into using undocumented endpoints.
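One way to put the least-privilege boundary this finding asks for in front of the skill, as an added example that is not code from Membrane, DocRaptor or SkillSpector: a policy gate that the agent runtime calls before any outbound request. It refuses the raw proxy primitive outright, accepts only calls that match a curated action table by method, host and path, and holds create/download/expire calls until a reviewer approves them (the review step the overview above recommends). The action names, the path patterns and the host `api.docraptor.com` are assumptions for illustration, not the integration's real action set.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical curated action table: action name -> (HTTP method, path regex).
# These names and paths are assumptions for illustration only; they are not
# DocRaptor's or Membrane's documented action set.
CURATED_ACTIONS = {
    "create_document": ("POST", r"^/docs$"),
    "get_document_status": ("GET", r"^/status/[A-Za-z0-9_-]+$"),
    "download_document": ("GET", r"^/download/[A-Za-z0-9_-]+$"),
    "expire_document": ("DELETE", r"^/docs/[A-Za-z0-9_-]+$"),
}

# Create, download and expire operations wait for a human review before
# they are executed, as the overview recommends.
REVIEW_REQUIRED = {"create_document", "download_document", "expire_document"}

# Assumption: the only host a curated action may reach.
ALLOWED_HOST = "api.docraptor.com"


@dataclass
class Decision:
    allow: bool         # may the call be executed now?
    needs_review: bool  # blocked only because a reviewer has not approved it yet
    reason: str


def gate_request(tool: str, method: str, url: str, approved: bool = False) -> Decision:
    """Decide whether an agent-proposed DocRaptor call may run.

    tool:     the skill tool the agent selected, e.g. "create_document" or
              the raw "proxy_request" primitive.
    approved: True once a reviewer has approved this specific call.
    """
    method = method.upper()
    parts = urlsplit(url)

    # 1. The raw proxy primitive bypasses the curated set, so refuse it outright
    #    instead of trying to validate arbitrary endpoints after the fact.
    if tool == "proxy_request":
        return Decision(False, False, "raw proxy request not permitted; use a curated action")

    # 2. Only actions in the table are known; anything else is denied.
    spec = CURATED_ACTIONS.get(tool)
    if spec is None:
        return Decision(False, False, f"unknown action {tool!r}")
    want_method, path_re = spec

    # 3. Pin scheme and host so a curated action cannot be retargeted to
    #    another server (also defeats https://api.docraptor.com@evil/... tricks,
    #    since urlsplit reports the real host).
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        return Decision(False, False, f"scheme/host not allowed: {parts.scheme}://{parts.netloc}")

    # 4. No curated action takes a query string or fragment (assumption), so
    #    their presence means the agent is smuggling extra parameters.
    if parts.query or parts.fragment:
        return Decision(False, False, "query strings and fragments are not allowed")

    # 5. Method and path must match the action exactly; the anchored regexes
    #    also reject traversal-style paths such as /status/x/../admin.
    if method != want_method or not re.match(path_re, parts.path):
        return Decision(False, False, f"{method} {parts.path} does not match action {tool!r}")

    # 6. Mutating or data-moving actions are held until a reviewer approves.
    if tool in REVIEW_REQUIRED and not approved:
        return Decision(False, True, f"{tool} requires reviewer approval before it runs")

    return Decision(True, False, "ok")


if __name__ == "__main__":
    # Constructed sample calls an agent might propose.
    for call in [
        ("proxy_request", "GET", "https://api.docraptor.com/docs"),
        ("get_document_status", "GET", "https://api.docraptor.com/status/abc123"),
        ("create_document", "POST", "https://api.docraptor.com/docs"),
        ("get_document_status", "GET", "https://evil.example/status/abc123"),
    ]:
        print(call[0], "->", gate_request(*call))
```

The gate is deliberately deny-by-default: the agent never chooses an endpoint, only an action name, and the table decides which single method/host/path that name may produce. Logging every `Decision` alongside the proposed call gives the audit trail that a generic proxy surface otherwise lacks.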

Vague Triggers

Medium (90% confidence)

Finding
The invocation condition 'use when the user wants to interact with DocRaptor data' is overly broad and ambiguous. Broad routing language increases the likelihood the skill is selected for tasks outside its safe, intended scope, especially given that it includes network access and raw request capability.

VirusTotal

65/65 vendors flagged this skill as clean.
