Fidel Api

Security checks across malware telemetry and agentic risk

Overview

This skill appears to manage live Fidel payment-card data, but its description advertises unrelated CRM-style capabilities and lacks clear safeguards for account-changing actions.

Review before installing. Use only if you intend to manage Fidel card-program resources through Membrane, and require explicit user approval before any create, update, delete, webhook, or non-GET proxy request. The publisher should align the description with the actual Fidel scope and add clear write/delete guardrails.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest description claims CRM-style capabilities such as managing Persons, Organizations, Deals, Leads, Projects, and Activities, while the body of the skill documents a card-linking/payment API with programs, cards, transactions, offers, and webhooks. This mismatch can cause the orchestrator or user to invoke the skill in the wrong context, leading to inappropriate actions against a sensitive financial integration and increasing the chance of data access or modification outside user intent.

Intent-Code Divergence

High
Confidence: 96%
Finding
The top-level skill description contradicts the documented API surface and examples, creating a deceptive or misleading contract for downstream agents. In practice, this can steer automation into using a financial-data skill for unrelated business-object operations, causing incorrect queries, unsafe proxy use, or unintended writes/deletes in the connected Fidel account.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation text is broad enough that a planner may select this skill for many generic 'interact with data' requests, even when the request is unrelated to Fidel. Because the skill includes both read and write capabilities over a sensitive payments integration, over-broad routing increases the likelihood of unnecessary account access or unintended operations.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents destructive actions like deleting cards and creating/modifying resources without any warning, confirmation guidance, or mention of irreversible effects. In an agent setting, omission of safety prompts makes it easier for automation to execute state-changing operations on live financial/account data without adequate user awareness.

Missing User Warnings

Medium
Confidence: 93%
Finding
The proxy request section exposes arbitrary HTTP methods against the remote API but does not warn that POST, PUT, PATCH, and DELETE can change or remove live data. Since the proxy also handles authentication automatically, an agent may treat it as a convenient fallback and perform powerful direct operations without the guardrails present in curated actions.

VirusTotal

63/63 vendors flagged this skill as clean.
