ClawHub

Mailbluster

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Mailbluster integration, but it grants broad authenticated API access without clear safeguards for write, delete, or raw proxy actions.

Install only if you trust Membrane and intend to let an agent operate your Mailbluster account. Before approving any POST, PUT, PATCH, DELETE, bulk subscriber, campaign send, or raw proxy request, require the agent to show the exact endpoint, parameters, target records, and expected impact; revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest says the skill is for managing Campaigns and Templates, but the body expands scope to Lists, Subscribers, Segments, and even arbitrary API proxying. This mismatch can cause an orchestrator or user to invoke the skill under a narrower trust assumption than the skill actually supports, increasing the chance of unexpected access to broader Mailbluster data and operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough that the skill may be selected for generic Mailbluster-related requests without clearly constraining action types or sensitivity. In practice this can lead to overbroad activation and accidental use of powerful features, especially because the document also advertises proxy requests and multiple resource domains.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents a generic request proxy that supports arbitrary HTTP methods, headers, body data, and path parameters, but does not warn that these calls can create, update, or delete remote Mailbluster resources. That omission makes unsafe or irreversible actions more likely, particularly if an agent treats the proxy as a routine fallback.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal