Expedy

Security checks across malware telemetry and agentic risk

Overview

The skill appears to present itself as travel or expense management while documenting remote device and printer control actions, including disruptive commands.

Review before installing. Only use this skill if you intentionally want remote device/printer administration, not just travel or expense management. Require explicit confirmation before shutdown, reboot, update, print, USB, or other state-changing actions, and verify what account or device fleet the integration can access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata and description claim a travel/expense management integration, but the documented capabilities and action catalog are for device, printer, and USB control. This mismatch can mislead an agent or user into invoking sensitive operational actions under false pretenses, creating a confused-deputy risk and increasing the chance of unintended destructive operations.

Intent-Code Divergence

High
Confidence: 97%
Finding
The overview models business travel entities such as trips, expenses, users, and profiles, but the actionable operations are for printers and remote device administration. That inconsistency makes the skill context especially dangerous because it frames the integration as low-risk business data access while exposing infrastructure-affecting controls like reboot, shutdown, and update.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill lists destructive or disruptive actions such as shutdown-device, reboot-device, and update-device without any warning, approval gate, or confirmation guidance. In an agent setting, omission of these safeguards increases the likelihood that a model will execute high-impact operational commands automatically or in response to ambiguous user intent.

VirusTotal

65/65 vendors flagged this skill as clean.
