Finch

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Finch/Membrane integration, but it gives an agent broad authenticated access to sensitive HR and payroll APIs without clear safeguards for write or delete actions.

Install only if you are comfortable letting an agent access Finch through Membrane. Use the narrowest available Finch/Membrane permissions, prefer discovered Membrane actions over raw proxy calls, confirm every POST/PUT/PATCH/DELETE request before it runs, and revoke the connection when the task is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The skill is presented as a Finch-specific integration, but the documented `membrane connection ensure` flow can normalize arbitrary URLs/domains and create a new app or connector automatically. That broadens the effective scope beyond Finch and can cause the agent to connect to unintended third-party services, increasing the chance of unauthorized data access or misuse under a misleading skill identity.

Description-Behavior Mismatch

Severity: Low
Confidence: 84%
Finding:
The documentation exposes a generic proxy mechanism with support for GET/POST/PUT/PATCH/DELETE, which gives broad direct API capability beyond the high-level description of 'interact with Finch data.' In an agent setting, this can enable destructive or privacy-impacting operations against HR/payroll systems without strong guardrails or user awareness.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding:
The activation text says to use the skill whenever the user wants to interact with Finch data, which is broad and underspecified for a system handling sensitive employment and payroll information. Loose trigger conditions increase the risk of the agent invoking this skill in ambiguous contexts and exposing or modifying sensitive HR data without sufficient intent verification.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The markdown describes raw API requests and explicitly lists state-changing HTTP methods, but it does not warn that these may create, update, or delete sensitive HR/payroll data. In an agent-driven workflow, omission of such warnings can normalize unsafe operations and lead to accidental destructive actions or unauthorized record changes.

VirusTotal

63/63 vendors flagged this skill as clean.