Finmei

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as a Membrane integration, but its Finmei description conflicts with the financial actions it instructs agents to run, including actions that can change or delete records.

Review carefully before installing. Use only a least-privileged Membrane/Finmei account, verify the Membrane CLI package before global installation, and require explicit human approval before any create, update, delete, payment, or raw proxy request. The artifact does not show malicious code or exfiltration, but the documentation is under-scoped for the authority it grants.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The skill metadata and introductory description claim one Finmei data model (Organizations, Pipelines, Users, Goals, Filters), while the concrete action catalog describes a different domain (invoices, payments, customers, products). This mismatch can cause an agent to invoke incorrect actions against the wrong external system or data model, leading to unintended data access, modification, or deletion under false assumptions about what the skill does.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The internal documentation is self-contradictory: the overview names Company/Campaign/Contact/User/Task entities, but later operations target invoices, payments, customers, and products. In a tool-driving context, this inconsistency increases the chance that an agent will misunderstand object semantics and issue unsafe queries or mutations to the wrong endpoints or records.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill documents destructive capabilities such as deleting invoices, payments, customers, and products without any requirement for explicit user confirmation or safety checks. In an agent setting, omission of confirmation guidance can normalize direct execution of destructive operations, increasing the risk of accidental or unauthorized data loss.

VirusTotal

64/64 vendors flagged this skill as clean.