Webhook

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible Membrane webhook integration, but it grants broad authenticated connection creation and raw API request capability without enough user-control safeguards.

Install only if you trust Membrane and intend to let an agent operate connected services through it. Review OAuth/API-key scopes carefully, prefer discovered Membrane actions over raw proxy calls, require explicit approval for POST/PUT/PATCH/DELETE requests, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The skill is presented as a narrowly scoped Webhook integration, but its instructions enable generic connection creation against arbitrary app URLs and broader external integration behavior. That scope mismatch is dangerous because an agent may invoke this skill under the assumption it is limited to webhook data, while actually gaining a generalized cross-service access path.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
Documenting creation of connectors for any integration URL goes beyond the stated Webhook purpose and effectively turns the skill into a generic external-app bootstrapper. In an agent setting, this increases the chance of unauthorized expansion of access scope, unintended data exposure, or use against services the user did not intend to authorize.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The proxy feature allows arbitrary HTTP requests, including POST, PUT, PATCH, and DELETE, which is substantially broader than managing webhook data and can be used to read, modify, or delete remote resources. Because Membrane injects authentication automatically, misuse could cause high-impact actions on connected systems with little friction or visibility.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The invocation condition 'use when the user wants to interact with Webhook data' is vague and broad, which can cause the agent to select this skill in situations not intended by the user. Since the skill exposes broader connection and proxy capabilities, overbroad routing increases the likelihood of accidental misuse and scope escalation.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The markdown gives direct network request instructions, including mutating methods, without warning that data will be transmitted externally or that requests may change or delete remote state. In an autonomous or semi-autonomous agent workflow, that omission can lead to unsafe execution of destructive operations without informed user consent.

VirusTotal

59/59 vendors flagged this skill as clean.
