Gatekeeper

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can access and change sensitive GatekeeperHQ business records while its stated scope and safeguards are too unclear for automatic trust.

Install only if you specifically intend to connect Membrane to GatekeeperHQ and manage contract/vendor/request data. Use a least-privilege account, confirm the exact product and connection before use, require explicit approval for any create/update/delete or proxy request, and make sure you know how to revoke the Membrane/Gatekeeper connection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The manifest advertises a narrower capability set ('Manage Users, Organizations') than the body actually exposes, including broader contract/vendor/request/task/document operations and raw API access. This mismatch can cause the agent or user to invoke the skill under false assumptions, leading to overbroad access or actions outside the expected trust boundary.

Intent-Code Divergence

Severity: Low
Confidence: 76%
Finding
The overview describes one resource model (Policy/Request/User/Group) while the operational sections use another (contracts, vendors, tasks, documents, categories). Inconsistent object models increase the chance that an agent misinterprets the target system and performs unintended queries or modifications against the wrong resources.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The invocation description is broad enough to match generic Gatekeeper-related requests, even though the skill includes write operations and raw API proxying. Overbroad routing can cause the skill to activate in situations where the user did not intend contract/vendor/request management or direct API access, increasing the risk of inappropriate actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill documents multiple write-capable actions and unrestricted direct API proxy requests without requiring confirmation, warning about side effects, or describing approval boundaries. In an agent setting, that omission materially raises the risk of unauthorized changes, destructive requests, or access to sensitive data through raw endpoints.

VirusTotal

64/64 vendors flagged this skill as clean.