Myotpapp

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly scoped: it asks for account-backed access to an MFA/OTP service while advertising unrelated management features and allowing broad API requests.

Review before installing. Use it only if you trust Membrane and intend to connect a MyOTP.App account. Require the agent to state the exact connection, endpoint, HTTP method, request body, and expected effect before any direct proxy call, especially POST, PUT, PATCH, or DELETE; prefer discovered Membrane actions and revoke the connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest says the skill manages users, organizations, roles, goals, filters, and projects, but the body documents OTP generation/verification plus generic API proxying. This mismatch can cause the agent to invoke the skill in the wrong contexts and grants broader-than-expected access patterns, increasing the chance of unintended actions or sensitive data access.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The inline documentation describes a very different capability set from the manifest's resource-management purpose. In an agent setting, contradictory capability descriptions are dangerous because routing and operator expectations may be based on the manifest while execution guidance enables unrelated or broader operations.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation description is broad enough that an orchestrator could select this skill for generic requests involving MyOTP.App data, even when the requested task is outside the safe or intended scope. Over-broad triggering increases the chance of unnecessary external connections, data exposure, and use of the raw proxy path for tasks that should require tighter review.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill exposes a generic proxy mechanism for arbitrary API requests but does not require explicit user confirmation or warn that data may be transmitted directly to an external service. In a security-sensitive MFA context, this can lead to unintended sending of authentication-related data or broader API interaction beyond curated actions.

VirusTotal

65/65 vendors flagged this skill as clean.
