Enigma

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it asks for authenticated account access while giving conflicting descriptions of what Enigma service and data it actually controls.

Install only if you can verify which Enigma product this is meant to control and are comfortable granting Membrane-mediated access to that account. Prefer reviewed actions over raw proxy calls, and require explicit user approval before any write or delete request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill metadata advertises a CRM-style integration for deals, persons, organizations, leads, and projects, but the body of the skill describes a different Enigma domain involving secure collaboration and later business-risk/KYB actions. This mismatch can cause an agent to invoke the skill in the wrong user context and perform unintended operations or surface incorrect data, which is especially risky when external actions and proxy requests are available.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The documentation simultaneously claims Enigma is a secure messaging/collaboration tool, admits the docs are ambiguous, lists collaboration objects like Document/Workspace/User, and later promotes KYB/sanctions-screening actions. These contradictions undermine safe tool selection and parameter construction, increasing the chance of confused-deputy behavior where the agent queries or mutates an unintended external system.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The activation text is broad enough that many generic requests involving 'Enigma data' could trigger the skill, even though the skill's actual target product is unclear. Over-broad triggering becomes more dangerous here because the skill can authenticate, discover actions, and issue direct API requests, making accidental invocation more likely to have real external effects.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill instructs the agent to use a generic proxy interface supporting POST, PUT, PATCH, and DELETE without requiring confirmation gates or warning that these methods can modify or destroy remote data. Combined with the inconsistent product identity, this expands the risk of unintended writes, destructive operations, or abuse of authenticated access against the wrong backend: a read-only GET issued to the wrong product is a disclosure problem, but a DELETE issued to the wrong product is irreversible.
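The gate that the finding above says is missing, written as an added example rather than code from the Enigma skill or from Membrane. It assumes the skill's proxy can be wrapped so that every request passes through a single check before it is sent; `ProxyGate`, `allowed_hosts`, `approve` and the `api.example-enigma.test` host are hypothetical names chosen for the example. Read-only methods pass, mutating methods require an explicit yes from a human approver, and any host other than the one the skill was verified against is refused outright, which also addresses the description-behavior mismatch findings by pinning the backend.

```python
"""Confirmation gate for an agent-side HTTP proxy (added example).

Not the Enigma skill's or Membrane's own code. Assumes the skill exposes a
generic proxy taking (method, url, body) and that the wrapper below is called
before any request leaves the agent. ProxyGate, allowed_hosts, approve and the
example host are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple
from urllib.parse import urlparse

# Methods that only read remote state versus methods that can change or
# destroy it. Anything outside both sets is refused rather than guessed at.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
MUTATING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


@dataclass
class Decision:
    action: str   # "allow" or "deny"
    reason: str


@dataclass
class ProxyGate:
    # Pin the backend to the one product the skill was verified against, so a
    # confused agent cannot reuse the credential against a different service.
    allowed_hosts: frozenset
    # Asks a human for approval of a specific mutating request; must return
    # True only on an explicit yes. Defaulting to False fails closed.
    approve: Callable[[str], bool]
    # Audit trail of every request that reached the gate and what happened.
    log: List[Tuple[str, str, str]] = field(default_factory=list)

    def check(self, method: str, url: str) -> Decision:
        method = method.upper()
        host = urlparse(url).hostname or ""
        if host not in self.allowed_hosts:
            d = Decision("deny", f"host {host!r} is not the verified backend")
        elif method in SAFE_METHODS:
            d = Decision("allow", "read-only request")
        elif method in MUTATING_METHODS:
            prompt = (f"Skill wants to {method} {url}. "
                      "This can modify or delete remote data. Approve?")
            if self.approve(prompt):
                d = Decision("allow", "mutating request explicitly approved")
            else:
                d = Decision("deny", "mutating request not approved")
        else:
            d = Decision("deny", f"unrecognised method {method!r}")
        self.log.append((method, url, d.action))
        return d


def demo() -> List[str]:
    """Constructed scenario: the approver says yes to exactly one DELETE."""
    def approver(prompt: str) -> bool:
        return "DELETE https://api.example-enigma.test/deals/42" in prompt

    gate = ProxyGate(frozenset({"api.example-enigma.test"}), approver)
    requests = [
        ("GET", "https://api.example-enigma.test/deals"),          # read, allowed
        ("DELETE", "https://api.example-enigma.test/deals/42"),    # approved
        ("DELETE", "https://api.example-enigma.test/deals/43"),    # not approved
        ("GET", "https://other-backend.test/workspace"),           # wrong product
    ]
    return [gate.check(m, u).action for m, u in requests]


if __name__ == "__main__":
    for action in demo():
        print(action)
```

The approver callback is where a real deployment would surface the prompt to the user; the point of the design is that the default path is deny, so a missing or silent approver never results in a write.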

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean. Note that an antivirus verdict covers file-level malware signatures only; it does not evaluate how a skill instructs an agent, so a clean result does not contradict the description-behavior and missing-confirmation findings above.
