Easyly

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but its Easyly documentation is inconsistent, and it gives an agent authenticated authority to create, update, and delete resources and to send raw API requests.

Install only after confirming that these Easyly resources and actions match what you intend to manage. Use a least-privilege Membrane/Easyly account, verify the Membrane CLI source or pin a known version, and require explicit approval before any create, update, delete, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill metadata advertises one set of business objects and capabilities, while the body documents unrelated entities and actions. This mismatch can cause an agent or user to invoke the skill under false assumptions, leading to unintended access, modification, or deletion of the wrong external data in a live integration context.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The documentation describes a product-demo platform but then switches to recruiting-style objects such as candidates, jobs, and leads, indicating the skill may be copied from another integration or inaccurately specified. In an agent setting, this semantic inconsistency increases the chance of selecting incorrect actions or sending requests to inappropriate endpoints, resulting in data integrity and privacy issues.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly includes destructive operations like deleting leads but provides no guidance to require user confirmation, preview the target resource, or distinguish read from write actions. In agent-driven workflows, that omission makes accidental irreversible changes much more likely, especially when actions are chosen autonomously from natural-language intent.

VirusTotal

59/59 vendors flagged this skill as clean.
