ClawHub

Dopesecurity

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dope.security integration, but it gives an agent broad authenticated power over a security administration platform without clear guardrails for changes.

Install only if you intend to let an agent operate against Dope.security through Membrane. Use a least-privileged Dope.security account, review any changes to policies, users, destinations, lists, or alerts, and require explicit approval before any raw Membrane request using POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description is overly broad: 'Manage data, records, and automate workflows' could cause the skill to be selected for many generic enterprise tasks, including ones not clearly intended for Dope.security. In a security-product integration, over-invocation increases the chance an agent uses this skill to access or modify sensitive security data when a narrower tool or explicit user confirmation would be more appropriate.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents raw proxy requests with support for POST, PUT, PATCH, and DELETE, but does not require confirmation, scope checks, or warnings before state-changing operations. Because this skill targets a browser-security platform, unsafe direct requests could alter policies, lists, destinations, or other controls, potentially weakening protections or disrupting enterprise security operations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal