Kodagpt

Security checks across malware telemetry and agentic risk

Overview

This is a coherent KodaGPT/Membrane integration, but it gives broad authenticated ability to change or delete persistent KodaGPT knowledge-base data without clear safeguards.

Install only if you trust Membrane and need KodaGPT account integration. Use the least-privileged KodaGPT connection available, verify or pin the Membrane CLI package where possible, and require explicit user confirmation before update, delete, or raw proxy API requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The manifest advertises the skill as being for managing organizations, but the body describes chatbot, knowledge-base, and generic proxy capabilities. This scope mismatch can cause the skill to be invoked in contexts the user did not intend, increasing the chance of unauthorized or surprising actions against unrelated KodaGPT resources.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill exposes a generic authenticated proxy request mechanism with few constraints, allowing arbitrary API paths and methods beyond the stated purpose. In an agent setting, this materially expands the action surface and can enable unintended reads, writes, or destructive operations against any reachable KodaGPT endpoint using delegated credentials.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The invocation text says to use the skill whenever the user wants to interact with KodaGPT data, which is broad and underspecified. Overbroad routing criteria can cause the agent to select this skill for sensitive or destructive operations without sufficient task-specific safeguards.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill advertises destructive actions such as deleting knowledge-base content without requiring confirmation, warning, or rollback guidance. In an autonomous or semi-autonomous workflow, this raises the risk of accidental data loss or misuse from ambiguous prompts.

VirusTotal

64/64 vendors flagged this skill as clean.