Kadoa

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Membrane/Kadoa integration, but its description conflicts with its actual workflow controls and it lacks clear safeguards for account-changing actions.

Review before installing. Use this only if you intend to give Membrane authenticated access to Kadoa workflow and extraction data. Require explicit confirmation before delete, pause, resume, run, or raw API proxy calls, and consider pinning the CLI version instead of installing @latest globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill metadata claims CRM-style entity management, but the body documents a different product surface centered on scraping workflows and extraction schemas. This mismatch can cause an agent to select and use the skill under false assumptions, leading to unintended operations against the wrong external system or data domain.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation describes Kadoa as a cloud-cost optimization SaaS, but the later commands and action catalog clearly target web-scraping workflows. Contradictory product descriptions increase the chance that an agent will make unsafe or incorrect decisions about what data it is handling and what actions are appropriate.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises destructive capabilities such as deleting workflows and state-changing operations like pause, resume, and run without instructing the agent to obtain explicit user confirmation first. In an agentic setting, that omission can result in unauthorized or accidental modification or deletion of customer resources.

VirusTotal

64/64 vendors flagged this skill as clean.