Helpspace

Security checks across malware telemetry and agentic risk

Overview

This Helpspace skill is a plausible integration, but it needs review because it can modify or delete customer-support data and use a broad API proxy without clear safeguards.

Install only if you trust Membrane and intend to let an agent operate on Helpspace business and customer-support data. Use a least-privileged Helpspace account, pin or review the CLI where practical, and require explicit user confirmation with exact object IDs before any update, delete, or proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The manifest frames the skill as managing organizations, but the body exposes much broader Helpspace capabilities including tickets, tasks, customers, and direct API access. This scope mismatch can cause an orchestrating agent or reviewer to grant or invoke the skill under false assumptions, increasing the chance of over-privileged or unintended operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The proxy section authorizes arbitrary requests to Helpspace endpoints, which materially expands the skill beyond its stated purpose and bypasses the safer constraints of predefined actions. In practice this enables access to undocumented or destructive operations and makes it easier for prompt-influenced workflows to perform unintended actions against the connected tenant.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The invocation condition 'when the user wants to interact with Helpspace data' is so broad that it encourages the skill to activate for nearly any Helpspace-related request. Overbroad routing increases the odds that powerful capabilities, including destructive actions and raw API access, are used in contexts where a narrower or safer workflow would have been more appropriate.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill advertises delete operations for tasks, tickets, and customers without any requirement for user confirmation, dry-run review, or warning about irreversible consequences. In an agent setting, this makes accidental or prompt-induced destructive actions much more likely, especially since deleting a customer also deletes all their tickets permanently.
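The three findings above (the unconstrained proxy, the confirmation-free delete actions, and the cascade from deleting a customer) and the recommendation in the overview to require explicit confirmation with exact object IDs all describe the same missing control: a policy gate between the agent and the tool. The following is an added example of such a gate, written for this review; it is not the Helpspace skill's code or Membrane's. The action names, the object-ID format, and the proxy paths in it are constructed assumptions used to show the technique, not Helpspace's real API.

```python
"""Policy gate in front of an agent tool that wraps a support-desk API.

Added illustration, not the Helpspace skill's own code. The action names, the
ID format and the proxy paths are constructed assumptions chosen to show the
technique: fail closed on unknown actions, require an exact out-of-band
confirmation (action + object IDs) before any mutating call, surface cascading
deletes before asking for that confirmation, and restrict the raw API proxy to
an allowlist of read-only routes.
"""
from dataclasses import dataclass
from typing import Optional
import re

# Constructed action catalogue (assumption, not Helpspace's real tool list).
READ_ONLY = {"get_ticket", "list_tickets", "get_customer", "list_customers",
             "get_task", "list_tasks", "get_organization", "list_organizations"}
UPDATING = {"update_ticket", "update_customer", "update_task", "update_organization"}
# Destructive actions mapped to what else they remove. The cascade on
# delete_customer reflects the finding above: the customer's tickets go too.
DESTRUCTIVE = {"delete_task": (), "delete_ticket": (),
               "delete_customer": ("all of the customer's tickets",)}
MUTATING = UPDATING | set(DESTRUCTIVE)

# Constructed allowlist for the raw proxy: read-only GET under a few prefixes.
PROXY_ALLOW = (("GET", "/tickets"), ("GET", "/customers"), ("GET", "/tasks"))

ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # assumed object-ID shape


@dataclass(frozen=True)
class ToolCall:
    action: str
    ids: tuple = ()        # exact object IDs the call will touch
    method: str = "GET"    # proxy calls only
    path: str = ""         # proxy calls only


@dataclass(frozen=True)
class Confirmation:
    """What the user explicitly approved, collected outside the model's context."""
    action: str
    ids: tuple = ()
    ack_irreversible: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str


def preview(call: ToolCall) -> str:
    """Text shown to the user before asking them to confirm a mutating call."""
    text = f"{call.action} on {', '.join(call.ids) or '<no ids>'}"
    cascade = DESTRUCTIVE.get(call.action)
    if cascade is not None:
        extra = f"; also removes {', '.join(cascade)}" if cascade else ""
        text += f" (irreversible{extra})"
    return text


def _proxy_allowed(call: ToolCall) -> bool:
    # Only clean absolute paths: no traversal and no query string, so
    # "/tickets/../admin" and "/tickets?x=1" never reach the allowlist check.
    if not call.path.startswith("/") or ".." in call.path or "?" in call.path:
        return False
    for method, prefix in PROXY_ALLOW:
        # Match on a whole path segment so "/ticketsX" does not match "/tickets".
        if call.method == method and (call.path == prefix or call.path.startswith(prefix + "/")):
            return True
    return False


def authorize(call: ToolCall, confirmation: Optional[Confirmation] = None) -> Decision:
    if call.action == "proxy":
        ok = _proxy_allowed(call)
        return Decision(ok, f"proxy {call.method} {call.path} " + ("allowlisted" if ok else "not allowlisted"))
    if call.action in READ_ONLY:
        return Decision(True, "read-only action")
    if call.action not in MUTATING:
        return Decision(False, f"unknown action {call.action!r}; failing closed")
    if not call.ids or any(not ID_RE.match(i) for i in call.ids):
        return Decision(False, "mutating call must name well-formed object IDs")
    if confirmation is None:
        return Decision(False, f"needs confirmation: {preview(call)}")
    # The approval must cover exactly this action on exactly these IDs; a
    # confirmation for a different or larger set is not reused.
    if confirmation.action != call.action or set(confirmation.ids) != set(call.ids):
        return Decision(False, "confirmation does not match action and IDs exactly")
    if call.action in DESTRUCTIVE and not confirmation.ack_irreversible:
        return Decision(False, "destructive action requires acknowledging irreversibility")
    return Decision(True, f"confirmed: {preview(call)}")


if __name__ == "__main__":
    call = ToolCall("delete_customer", ("cust_7f3a",))        # constructed ID
    print(authorize(call))                                     # denied, asks for confirmation
    print(authorize(call, Confirmation("delete_customer", ("cust_7f3a",), True)))
```

The important design point is that the Confirmation object comes from a channel the model cannot write to (a UI prompt, a signed approval record), so a prompt-injected "the user already agreed" in the conversation cannot satisfy the gate. The proxy deliberately has no confirmation path at all: anything outside the read-only allowlist is refused rather than escalated to the user, which is the narrowing the Context-Inappropriate Capability finding asks for.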

VirusTotal

65/65 vendors flagged this skill as clean.
