Drimify

Security checks across malware telemetry and agentic risk

Overview

This Drimify skill appears legitimate, but it gives an agent broad authenticated access that could change or delete live account data without clear confirmation safeguards.

Install only if you are comfortable letting the agent operate against a connected Drimify account through Membrane. Prefer read-only discovery first, review the exact endpoint and method before any proxy request, and require explicit confirmation before POST, PUT, PATCH, DELETE, billing-related, bulk, or customer-data-changing actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 84% confidence
Finding
The manifest description claims a narrow management scope (Organizations, Leads, Pipelines, Users, Goals, Filters), but the body documents broad Drimify access and raw proxy requests. This mismatch can cause an orchestrator or user to invoke the skill under false assumptions, leading to over-broad capability exposure and unintended data access or modification.

Vague Triggers

Medium, 80% confidence
Finding
The invocation description is broad enough that an agent may route many generic Drimify-related prompts into this skill without clear task boundaries or approval requirements. In a skill that also supports broad API access, loose triggering increases the chance of unnecessary external actions, over-collection of data, or use in contexts the user did not intend.

Missing User Warnings

Medium, 91% confidence
Finding
The skill explicitly documents direct proxy requests with state-changing methods like POST, PUT, PATCH, and DELETE, but does not warn about destructive effects or require confirmation before writes. In an agent context, this creates a realistic path for unintended mutations, bulk changes, or deletion of marketing data if the model interprets a prompt too aggressively.

VirusTotal

57/57 vendors flagged this skill as clean.
