ClawHub

New Relic

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real New Relic integration, but it gives an agent broad account-changing and raw API access without clear confirmation safeguards.

Install only if you trust Membrane and intend to grant it New Relic access. Use a least-privilege New Relic account, review the Membrane connection scopes, prefer listed read-only actions, and require explicit confirmation with the exact resource ID before create, update, delete, or proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The skill is branded and described as a New Relic integration, but its connection flow explicitly allows Membrane to create a new app/connector automatically when the URL does not match a known app. That expands the operational scope beyond the declared integration and could let an agent pivot into arbitrary connector creation or unintended third-party access paths if the input URL is influenced by user prompts or model error.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documented proxy request capability permits direct requests to arbitrary API paths through the authenticated Membrane connection, which is broader than the listed New Relic account/data actions. This increases the chance of unauthorized or overly powerful operations, including invoking undocumented, destructive, or higher-risk endpoints without the guardrails of typed actions.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description 'Use when the user wants to interact with New Relic data' is broad and could trigger the skill for loosely related prompts, causing the agent to invoke account-connected actions when the user only wanted general information or analysis. In a capability-bearing integration, over-broad activation increases the risk of unintended external calls and side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises a delete-application action without any warning, confirmation, or safety guidance around destructive operations. In an agent context, this omission makes accidental or prompt-induced deletion more likely, especially if the model interprets ambiguous user requests as authorization to modify or remove production resources.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal