Google Gemini

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Gemini integration through Membrane. It exposes broad API capabilities that users should handle carefully, but shows no evidence of hidden or malicious behavior.

Install only if you intend to use Membrane to connect to Google Gemini. Prefer the listed actions over raw proxy requests, review endpoint paths and payloads before running them, avoid write or delete methods unless specifically needed, and revoke the Membrane/Gemini connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding:
The manifest says the skill manages users and conversations, but the body of the skill primarily exposes Gemini model actions and raw proxy access. This mismatch can cause an orchestrator or user to invoke the skill under false assumptions, increasing the chance of unintended data access or transmission to an external API.

Vague Triggers

Medium
Confidence: 80%
Finding:
The invocation description is broad enough that the skill may be selected for loosely related requests about Google Gemini, even when the user did not intend external API interaction. Over-broad routing increases the risk of accidental use, unnecessary authentication flows, and unintended network transmission of user data.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill documents direct proxy HTTP requests to the Gemini API but does not clearly warn that prompts, files, or other user-supplied content will be sent over the network to a third-party service. In a security-sensitive agent setting, that omission can lead to silent exfiltration of sensitive data through generic proxy functionality.

VirusTotal

65/65 vendors flagged this skill as clean.