Formbricks

Security checks across malware telemetry and agentic risk

Overview

This is a real Formbricks integration, but it gives agents broad account authority, including deletes and arbitrary proxied API calls, without clear safeguards.

Install only if you trust Membrane and intend to let an agent operate on the connected Formbricks workspace. Connect the least-privileged account available, review action IDs and target object IDs before running them, and require explicit confirmation before any create, update, delete, or proxy request that is not read-only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium severity, 92% confidence

The manifest says the skill is for managing organizations, but the body exposes much broader capabilities including survey, people, webhook, response, and deletion operations. This mismatch can mislead users and higher-level agents about the scope of authority they are granting, increasing the risk of unintended destructive or privacy-impacting actions.

Description-Behavior Mismatch

Medium severity, 95% confidence

The skill presents itself as using defined Membrane actions, but then authorizes arbitrary proxied API requests to any Formbricks endpoint. That bypasses the safety and predictability of curated actions, enabling access to undocumented, sensitive, or destructive endpoints beyond the advertised integration surface.

Missing User Warnings

Medium severity, 90% confidence

The skill enumerates destructive operations such as deleting surveys, responses, people, webhooks, and action classes without any confirmation or warning requirements. In an agentic context, this makes accidental or prompt-induced destructive execution more likely because the documentation normalizes deletion as routine without safeguards.
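The overview's advice (least-privileged account, review action IDs and target object IDs, explicit confirmation before anything that is not read-only) and the second and third findings (unbounded proxy requests, deletes with no confirmation step) describe the same gap: nothing on the skill side stops the agent. A harness-side policy gate is one way to close it. The code below is an added example and is not Membrane's, Formbricks's or the skill's own code. `ToolCall`, `Policy`, the `<verb>-<object>` action-ID convention, the parameter names in `TARGET_ID_PARAMS` and the proxy path used in the usage call are all assumptions made for illustration; map them onto what your harness actually receives.

```python
"""Fail-closed policy gate for agent tool calls against a Formbricks connection.

Added example, not the integration's own code. ToolCall is a hypothetical,
simplified model of what an agent asks the harness to execute.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed action-ID convention: "<verb>-<object>", e.g. "delete-survey".
READ_ONLY_VERBS = {"get", "list", "find", "search"}
MUTATING_VERBS = {"create", "update", "delete", "remove", "patch"}
# Assumed parameter names that identify the object a mutation targets.
TARGET_ID_PARAMS = ("id", "surveyId", "responseId", "personId",
                    "webhookId", "actionClassId")
SAFE_HTTP_METHODS = {"GET", "HEAD"}


@dataclass
class ToolCall:
    action_id: str                      # curated action ID, or "proxy"
    params: dict = field(default_factory=dict)
    proxy_path: Optional[str] = None    # set when the agent asks for a raw API call
    proxy_method: str = "GET"


@dataclass
class Policy:
    confirmed: bool = False                     # user explicitly approved this call
    approved_targets: frozenset = frozenset()   # object IDs the user has reviewed
    proxy_prefixes: tuple = ()                  # proxy paths the user opted in to


@dataclass
class Decision:
    allowed: bool
    reason: str


def action_verb(call: ToolCall) -> str:
    return call.action_id.split("-", 1)[0].lower()


def classify(call: ToolCall) -> str:
    """Bucket a call as read, mutate, proxy or unknown from its verb."""
    if call.proxy_path is not None:
        return "proxy"
    verb = action_verb(call)
    if verb in READ_ONLY_VERBS:
        return "read"
    if verb in MUTATING_VERBS:
        return "mutate"
    return "unknown"


def target_ids(call: ToolCall) -> set:
    return {str(call.params[k]) for k in TARGET_ID_PARAMS if k in call.params}


def gate(call: ToolCall, policy: Policy) -> Decision:
    kind = classify(call)
    if kind == "read":
        return Decision(True, "read-only curated action")
    if kind == "unknown":
        # Fail closed: an action whose effect cannot be inferred does not run.
        return Decision(False, f"unrecognised action verb in {call.action_id!r}")
    if not policy.confirmed:
        return Decision(False, f"{kind} request requires explicit user confirmation")
    if kind == "mutate":
        if action_verb(call) == "create":
            return Decision(True, "confirmed create")
        ids = target_ids(call)
        if not ids:
            return Decision(False, "mutation names no target object ID")
        stray = ids - policy.approved_targets
        if stray:
            return Decision(False, f"target IDs not reviewed: {sorted(stray)}")
        return Decision(True, f"confirmed mutation on reviewed targets {sorted(ids)}")
    # Proxy: the endpoint set is unbounded, so a GET is not automatically safe.
    # Bound it by the user's opt-in prefixes, and for mutating methods require
    # that a reviewed object ID appears in the path.
    path = call.proxy_path
    if not any(path.startswith(p) for p in policy.proxy_prefixes):
        return Decision(False, f"proxy path {path!r} is outside the opted-in prefixes")
    if call.proxy_method.upper() not in SAFE_HTTP_METHODS:
        if not (set(path.split("/")) & policy.approved_targets):
            return Decision(False, "mutating proxy call names no reviewed target ID")
    return Decision(True, f"confirmed proxy {call.proxy_method.upper()} {path}")


if __name__ == "__main__":
    # Illustrative path only; not a statement about the Formbricks API surface.
    reviewed = Policy(confirmed=True, approved_targets=frozenset({"s1"}),
                      proxy_prefixes=("/api/v1/management/surveys",))
    for call, pol in [
        (ToolCall("list-surveys"), Policy()),
        (ToolCall("delete-survey", {"surveyId": "s1"}), Policy()),
        (ToolCall("delete-survey", {"surveyId": "s2"}), reviewed),
        (ToolCall("proxy", proxy_path="/api/v1/management/surveys/s1",
                  proxy_method="DELETE"), reviewed),
    ]:
        print(call.action_id, gate(call, pol))
```

The gate treats every proxied request as privileged regardless of HTTP method, which is the practical answer to the second finding: once the agent can hit arbitrary endpoints, the curated-action allow-list no longer bounds what it can reach, so the user's opt-in list has to.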

VirusTotal

63/63 vendors flagged this skill as clean.