Freeagent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine FreeAgent/Membrane integration, but it warrants review: it can read and change accounting records, and its safety boundaries are under-described.

Install only if you intend to connect FreeAgent accounting data through Membrane. Grant the narrowest FreeAgent permissions available, prefer the listed Membrane actions over raw proxy calls, require explicit confirmation of every create, update, or delete request immediately before it executes, and revoke the Membrane connection when it is no longer needed.
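One way to enforce that policy in front of the agent's tool calls, as an added example that is not code from FreeAgent, Membrane, SkillSpector or this skill: curated read actions run unattended, curated write actions require a human confirmation, raw proxy writes are refused outright (the proxy-bypass finding below), and raw proxy reads are allowed only inside an assumed API path prefix and only with confirmation. The call shape (a dict with either an `action` name or a `proxy` request), the action names and the `/v2/` prefix are assumptions for illustration, not a real Membrane schema.

```python
"""Policy gate for an agent's FreeAgent-via-Membrane tool calls.

Added example, not code from FreeAgent, Membrane or SkillSpector. It assumes
a tool call is a dict carrying either an 'action' (a curated Membrane action
name) or a 'proxy' request with an HTTP 'method' and 'path'; those field
names, the action names and the path prefix are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Callable

# Curated read-only actions the agent may run unattended (assumed names).
READ_ACTIONS = {"list_invoices", "get_invoice", "list_contacts", "get_contact"}
# Curated actions that change accounting records; each needs confirmation.
WRITE_ACTIONS = {"create_invoice", "update_invoice", "delete_invoice"}
# HTTP verbs that modify or delete records when sent through the raw proxy.
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Assumed path prefix of the FreeAgent API that a proxy read may touch.
PROXY_READ_PREFIX = "/v2/"


@dataclass
class Decision:
    allow: bool
    reason: str
    needs_confirmation: bool = False


def classify(call: dict) -> Decision:
    """Decide, before execution, how risky a single tool call is."""
    if "action" in call:
        name = call["action"]
        if name in READ_ACTIONS:
            return Decision(True, f"curated read action {name}")
        if name in WRITE_ACTIONS:
            return Decision(True, f"curated write action {name}", needs_confirmation=True)
        return Decision(False, f"unknown action {name}")
    if "proxy" in call:
        method = str(call["proxy"].get("method", "")).upper()
        path = str(call["proxy"].get("path", ""))
        if method in MUTATING_METHODS:
            # Writes must go through curated actions, never the raw proxy.
            return Decision(False, f"proxy {method} refused; use a curated action")
        if method != "GET" or not path.startswith(PROXY_READ_PREFIX) or ".." in path:
            return Decision(False, f"proxy {method} {path!r} outside allowed scope")
        # A raw read bypasses the curated guardrails: allow, but only with approval.
        return Decision(True, f"proxy read of {path}", needs_confirmation=True)
    return Decision(False, "call has neither action nor proxy")


def gate(call: dict, confirm: Callable[[str], bool], audit: list) -> Decision:
    """Apply classify(), ask the human where required, and record the outcome."""
    decision = classify(call)
    if decision.allow and decision.needs_confirmation:
        if not confirm(decision.reason):
            decision = Decision(False, f"declined by user: {decision.reason}", True)
    audit.append({"call": call, "allow": decision.allow, "reason": decision.reason})
    return decision


def run_demo() -> list:
    """Run constructed sample calls an agent might emit while handling a request."""
    calls = [
        {"action": "list_invoices"},
        {"action": "delete_invoice", "params": {"invoice_id": "12345"}},
        {"proxy": {"method": "DELETE", "path": "/v2/invoices/12345"}},
        {"proxy": {"method": "GET", "path": "/v2/bank_accounts"}},
        {"proxy": {"method": "GET", "path": "/v2/../admin"}},
    ]
    audit: list = []

    def approve_reads_only(reason: str) -> bool:
        # Stand-in for a human prompt: approves raw reads, refuses the deletion.
        return reason.startswith("proxy read")

    for call in calls:
        gate(call, approve_reads_only, audit)
    return audit


if __name__ == "__main__":
    for entry in run_demo():
        print("ALLOW" if entry["allow"] else "DENY ", entry["reason"])
```

The audit list is the piece that answers the "audit implications" finding: every decision, including declined confirmations, is recorded with the original call, so a later review can reconstruct what the agent attempted and not only what it executed.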

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The manifest positions the skill as a general FreeAgent integration for managing business objects, but the body documents access to broader accounting records and direct API proxying. This scope mismatch can cause an orchestrating agent or user to invoke the skill under a narrower trust assumption than the actual capabilities warrant, increasing the risk of overbroad data access or unintended actions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding
The proxy request guidance enables arbitrary authenticated requests to the FreeAgent API, which effectively bypasses the guardrails of curated actions. In an agent setting, this can expose sensitive financial data or permit destructive operations through generic request construction without clear constraints or approval boundaries.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The activation condition 'use when the user wants to interact with Freeagent data' is very broad and gives little guidance on task boundaries, sensitivity, or required confirmation for risky operations. Overbroad routing language can cause an agent to select this skill for requests involving sensitive accounting data or write operations without sufficient policy checks.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill advertises create, update, and delete actions, including invoice deletion, without any warning about side effects, audit implications, or confirmation requirements. In an autonomous or semi-autonomous environment, that omission increases the likelihood of accidental destructive changes to financial records.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The proxy section describes arbitrary API calls with all major HTTP verbs but does not warn that these requests may exfiltrate sensitive accounting data or modify/delete records. Because the proxy inherits authenticated access, missing safety guidance materially increases the risk of high-impact misuse by an agent or operator.

VirusTotal

All 62 of 62 VirusTotal vendors reported this skill as clean; none flagged it.
