ClawHub

Mamo Business

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Membrane-based business app integration, but its documented scope is inconsistent and it exposes broad authenticated API access.

Review before installing. Only use it if you trust Membrane and the publisher, and confirm the exact app/account being connected. Be especially careful with any raw API request or POST, PUT, PATCH, or DELETE action, because it may change business data outside the narrower capabilities the skill appears to advertise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata claims capabilities around Organizations, Pipelines, Users, Goals, and Filters, but the body documents a different business domain entirely. This scope mismatch can mislead an agent into invoking the skill under false assumptions and then using broader tooling than the user intended, increasing the risk of unauthorized or irrelevant actions against the connected account.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises a limited set of business-data management functions but then explicitly enables arbitrary proxy requests to any API path through an authenticated connection. That effectively expands the skill from scoped operations to near-unrestricted API access, which can bypass user expectations, internal guardrails, and least-privilege assumptions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The invocation description is broad enough to match almost any request involving Mamo Business data, which increases the chance of over-triggering the skill in contexts where a narrower or safer tool should be used. Overbroad routing matters more here because the skill also documents direct authenticated API access, amplifying the consequences of accidental invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal