Iterate

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Iterate/Membrane integration, but it gives broad authenticated API access that can read, change, send, or delete account data without clear guardrails.

Install only if you trust Membrane and intend to let the agent operate inside your Iterate account. Connect the least-privileged account or workspace available, review any action before it sends surveys or changes data, and require explicit approval before any raw proxy request or POST, PUT, PATCH, or DELETE operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)

The manifest says the skill is for managing organizations, but the body documents a broad Iterate integration covering surveys, feedback, users, workspaces, and generic API operations. This scope mismatch can cause an orchestrator or user to invoke the skill under false assumptions, increasing the chance of unintended access to broader data or actions than expected.

Description-Behavior Mismatch

Medium (95% confidence)

The proxy request section explicitly enables direct access to arbitrary Iterate API endpoints, which is materially broader than the manifest's stated organization-management purpose. That broad capability can bypass the safer, narrower action-discovery flow and permit operations or data access outside what a caller reasonably expects from the skill description.

Intent-Code Divergence

Medium (93% confidence)

The manifest description presents the skill as organization management, while the rest of the file describes a general-purpose Iterate integration with broad search, action execution, and raw request capabilities. This deceptive or inaccurate framing weakens informed consent and makes policy-based gating harder, because the declared purpose does not match the real operational surface.

Vague Triggers

Medium (84% confidence)

The invocation condition 'Use when the user wants to interact with Iterate data' is extremely broad and can match many requests involving Iterate, including sensitive or destructive operations. Over-broad routing language increases the likelihood that the skill is selected in situations where a narrower, safer skill or an explicit confirmation step would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.
