Fullstory

Security checks across malware telemetry and agentic risk

Overview

This Fullstory skill is a legitimate integration, but it gives agents broad authenticated account access, including deletion and raw API requests, without enough scoping or confirmation guidance.

Install only if you trust Membrane and intend to let an agent operate your Fullstory account. Use the least-privileged Fullstory access available, review any create/update/delete or proxy command before it runs, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest and top-level description frame the skill as managing Fullstory users and sessions, but the body documents access to additional resources such as segments, dashboards, notes, and integrations, and later enables arbitrary API proxying. This scope expansion can mislead downstream policy, reviewers, or users about what the skill is actually capable of, increasing the risk of unauthorized or unexpected operations.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The generic `membrane request CONNECTION_ID /path/to/endpoint` capability allows arbitrary authenticated requests to the Fullstory API, which substantially exceeds a narrowly scoped users-and-sessions skill. In an agent setting, this effectively bypasses any safety implied by curated actions and can be used to access or modify additional data and functionality that were not explicitly reviewed.

Missing User Warnings

Medium
Confidence: 90%
Finding
Documenting a destructive `delete-user` action without warning, confirmation guidance, or constraints increases the chance that an agent will perform irreversible or high-impact changes without adequate user awareness. In a delegated tool context, omission of safety guardrails around deletion is a meaningful operational risk.

VirusTotal

63/63 vendors flagged this skill as clean.
