Lookml

Security checks across malware telemetry and agentic risk

Overview

This LookML skill is coherent, but it gives agents broad authenticated Membrane API access, including write/delete proxy requests, without clear scope limits or confirmation guidance.

Review before installing. Use this only with a least-privilege LookML/Looker connection, confirm every write or delete request before it runs, prefer discovered typed Membrane actions over raw proxy calls, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a LookML-focused integration, but the connection workflow is generic enough to create or discover arbitrary Membrane-backed app connections from a URL/domain. That expands the effective permission and capability scope beyond LookML data operations, increasing the risk of unintended access to other services or broader API surfaces than the user would reasonably expect from the manifest.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The documented `membrane request` capability functions as a generic authenticated HTTP proxy with arbitrary paths, headers, query parameters, and mutating methods. In a skill framed as a LookML integration, this broad raw-request surface can bypass safer pre-built actions and enables destructive or out-of-scope API calls with inherited credentials.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation guidance says to use the skill when the user wants to interact with LookML data, which is broad and underspecified. Overbroad routing conditions increase the chance the agent invokes this skill in situations where a narrower or read-only tool would be more appropriate, exposing unnecessary connection and proxy capabilities.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation advertises direct proxy requests with GET, POST, PUT, PATCH, and DELETE but gives no warning that these operations may modify or destroy remote data or configuration. This omission makes unsafe use more likely, especially when combined with agent autonomy and authenticated request execution.

VirusTotal

63/63 vendors flagged this skill as clean.
