Linguapop

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Linguapop/Membrane integration, but it gives an agent broad authenticated API access that is not tightly scoped in the skill description.

Install only if you are comfortable letting an agent operate through your Membrane-connected Linguapop account. Prefer listed Membrane actions over raw proxy requests, verify the connection ID and tenant, and require explicit approval before sending invitations or using POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (92% confidence)

Finding: The manifest advertises a narrower scope of managing users and organizations, but the body documents materially broader capabilities including lessons, subscriptions, invitations, and arbitrary proxy access to the Linguapop API. This scope mismatch can mislead routing, approval, and user-consent decisions, causing the agent to invoke a skill with more authority than expected.

Intent-Code Divergence

Medium (88% confidence)

Finding: The declared purpose says the skill manages users and organizations, but the overview emphasizes lessons, flashcards, users, and subscriptions instead. This inconsistency increases the chance of incorrect skill selection and weakens operator understanding of what data and actions the skill can touch.

Vague Triggers

Medium (81% confidence)

Finding: The invocation text 'Use when the user wants to interact with Linguapop data' is overly broad and can cause the skill to trigger for almost any Linguapop-related request. In a skill that also supports broad action discovery and proxy requests, over-triggering expands the chance of unnecessary external access or use of a more privileged integration than intended.

VirusTotal

63/63 vendors flagged this skill as clean.
