Hubstaff

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Hubstaff integration, but it needs review because it gives broad authenticated access to sensitive workforce data and allows raw API requests, which goes beyond what its short description indicates.

Install only if you are comfortable giving an agent access to the connected Hubstaff account. Use the least-privileged Hubstaff account available, prefer listed Membrane actions over raw proxy requests, and require explicit confirmation before accessing screenshots, time/activity records, personnel data, or making any write/delete API request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The manifest describes the skill narrowly as managing organizations, but the body documents access to many additional Hubstaff domains including users, screenshots, time entries, and generic request capability. This scope mismatch can cause an orchestrating agent or reviewer to underestimate the permissions and data exposure involved, increasing the risk of overbroad use and unintended access to sensitive workforce data.

Context-Inappropriate Capability

Medium, 97% confidence
Finding
The proxy request section permits direct requests to arbitrary Hubstaff API endpoints through an authenticated connection, bypassing the safer, narrower action interface. In practice this expands the skill from a scoped integration into a general authenticated API client, which can expose or modify any data the Hubstaff account can access, including potentially sensitive employee screenshots, time data, and organizational records.

VirusTotal

63/63 vendors flagged this skill as clean.
