Foxy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Foxy/Membrane integration, but its documentation is inconsistent and it can change live commerce data without clear guardrails.

Install only if you intend to manage a Foxy/FoxyCart commerce account through Membrane. Use least-privileged API credentials, verify store, customer, and subscription IDs before acting on them, require explicit approval for every create, update, cancel, or delete operation, and avoid raw proxy requests unless you know both the endpoint and its production impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The manifest advertises management of Organizations, Users, Goals, and Filters, but the body documents Foxy commerce entities such as stores, customers, coupons, subscriptions, and transactions. This mismatch can cause the agent to invoke the skill in the wrong contexts and perform unintended operations against real external data, especially because the skill includes write-capable actions and authenticated API proxying.

Intent-Code Divergence

Severity: High
Confidence: 95%
Finding
The skill documentation is internally inconsistent about what Foxy objects exist and what operations are supported. Contradictory capability descriptions increase the chance that an agent will choose incorrect actions, hallucinate unsupported workflows, or fall back to raw proxy requests that can modify external state without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The invocation description is broad enough to match generic Foxy-related requests without clearly defining safe or intended boundaries. In an agent setting, overbroad routing can trigger this skill for ambiguous prompts and lead to unnecessary exposure of account data or accidental execution of state-changing actions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The proxy-request section enables arbitrary authenticated API calls, including POST, PUT, PATCH, and DELETE, but does not warn that these may change or delete remote Foxy data. Because the skill is designed for live external systems and credentials are injected automatically, an agent could perform destructive operations with little friction if documentation ambiguity or prompt misrouting occurs.
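A policy gate that applies the guardrails listed in the Overview (scoped credentials, ID verification, explicit approval for writes, no unreviewed proxy endpoints) to the proxy path described in this finding. It is added here as an illustration and is not code from the Foxy skill, from Membrane, or from Foxy's own API client. The endpoint patterns in ENDPOINT_POLICY, the ProxyRequest shape, and the approved flag are assumptions made for the example; the real Foxy API layout is not taken from this page.

```python
"""Policy gate for agent-issued proxy requests against a commerce API.

Added illustration, not code from the Foxy skill, from Membrane, or from
Foxy's API client. The endpoint paths in ENDPOINT_POLICY, the ProxyRequest
shape and the `approved` flag are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit
import re

READ_ONLY_METHODS = {"GET", "HEAD", "OPTIONS"}
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Hypothetical allowlist of reviewed endpoints and the verbs tolerated on
# each. Named groups capture the IDs embedded in the path so the gate can
# check them against what the user actually asked for.
ENDPOINT_POLICY = [
    (re.compile(r"^/stores/(?P<store_id>\d+)$"), {"GET"}),
    (re.compile(r"^/stores/(?P<store_id>\d+)/customers$"), {"GET"}),
    (re.compile(r"^/stores/(?P<store_id>\d+)/customers/(?P<customer_id>\d+)$"), {"GET", "PATCH"}),
    (re.compile(r"^/stores/(?P<store_id>\d+)/subscriptions/(?P<subscription_id>\d+)$"), {"GET", "PATCH"}),
    (re.compile(r"^/stores/(?P<store_id>\d+)/coupons$"), {"GET", "POST"}),
    (re.compile(r"^/stores/(?P<store_id>\d+)/coupons/(?P<coupon_id>\d+)$"), {"GET", "DELETE"}),
]


@dataclass
class ProxyRequest:
    method: str
    path: str                  # path plus optional query; never a full URL
    approved: bool = False     # True only after an explicit user confirmation
    body: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str


def check_proxy_request(req: ProxyRequest, expected_store_id, expected_ids: Optional[dict] = None) -> Decision:
    """Return whether `req` may be forwarded with the injected credentials."""
    method = req.method.upper()
    parts = urlsplit(req.path)
    if parts.scheme or parts.netloc:
        return Decision(False, "absolute URL rejected; only an API path is accepted")
    path = parts.path.rstrip("/") or "/"
    if ".." in path.split("/"):
        return Decision(False, "path traversal segment rejected")
    if method not in READ_ONLY_METHODS | MUTATING_METHODS:
        return Decision(False, f"unknown method {method}")

    # 1. The endpoint must be one an operator has reviewed.
    for pattern, verbs in ENDPOINT_POLICY:
        match = pattern.match(path)
        if match:
            break
    else:
        return Decision(False, f"endpoint not allowlisted: {path}")
    if method not in verbs:
        return Decision(False, f"{method} not permitted on {path}")

    # 2. The store in the path must be the store the credentials belong to.
    ids = {k: v for k, v in match.groupdict().items() if v is not None}
    if ids.get("store_id") != str(expected_store_id):
        return Decision(False, f"store_id {ids.get('store_id')} does not match configured store {expected_store_id}")

    # 3. Every other ID must match one the user named, not one the model guessed.
    for key, value in ids.items():
        if key != "store_id" and (expected_ids is None or str(expected_ids.get(key)) != value):
            return Decision(False, f"{key} {value} was not confirmed by the user")

    # 4. Anything that can change live data needs explicit approval.
    if method in MUTATING_METHODS and not req.approved:
        return Decision(False, f"{method} {path} changes live data; explicit approval required")
    return Decision(True, "ok")


def run_demo(store_id=123):
    """Constructed sample requests (not real traffic); returns the decisions."""
    samples = [
        (ProxyRequest("GET", "/stores/123"), None),
        (ProxyRequest("GET", "/stores/999"), None),
        (ProxyRequest("DELETE", "/stores/123/coupons/5"), {"coupon_id": 5}),
        (ProxyRequest("DELETE", "/stores/123/coupons/5", approved=True), {"coupon_id": 5}),
        (ProxyRequest("PATCH", "/stores/123/customers/77", approved=True), {"customer_id": 42}),
        (ProxyRequest("DELETE", "/stores/123/subscriptions/9", approved=True), {"subscription_id": 9}),
        (ProxyRequest("GET", "https://api.example.test/stores/123"), None),
        (ProxyRequest("POST", "/stores/123/transactions", approved=True), None),
    ]
    decisions = []
    for req, ids in samples:
        decision = check_proxy_request(req, store_id, ids)
        decisions.append(decision)
        print(f"{req.method:6} {req.path:40} -> {'ALLOW' if decision.allowed else 'DENY':5} {decision.reason}")
    return decisions


if __name__ == "__main__":
    run_demo()
```

The checks run from least to most specific on purpose: an unknown endpoint or a disallowed verb is refused before any approval prompt is raised, so the user is only asked to confirm requests that would otherwise be forwarded, and the denial reason names the exact guardrail that fired.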

VirusTotal

63/63 vendors flagged this skill as clean.