Escape

Security checks across malware telemetry and agentic risk

Overview

This Escape skill is not malicious, but it gives an agent broad authenticated API authority without clear limits or confirmation rules.

Install only if you trust Membrane and intend to connect an Escape account. Before allowing actions, require the agent to show the connection, endpoint, method, payload, and expected effect, especially for raw proxy requests or anything that creates, updates, deletes, or bulk-changes data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as an Escape-specific integration, but it documents a generic proxy facility that can issue arbitrary API requests, including POST, PUT, PATCH, and DELETE. That broadens the capability from a scoped SaaS integration into a general authenticated request tunnel, increasing the risk of unauthorized data access, destructive actions, and use beyond the user's likely intent.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The instructions say that if no known app is found, one is created and a connector is built automatically. In an Escape-specific skill, that means the skill can drift into provisioning or connecting arbitrary external applications, which violates least privilege and creates a path for unintended outbound integration and data exposure.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation text says to use the skill when the user wants to interact with 'data, records, and automate workflows,' which is broad enough to match many unrelated tasks. Overbroad routing can cause the agent to activate a networked, high-privilege skill in contexts where a narrower or non-networked tool should be used, increasing the chance of unintended external actions.

VirusTotal

63/63 vendors flagged this skill as clean.
