Noticeable

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it grants broad authenticated Noticeable access through Membrane without clear limits or confirmation rules.

Install only if you are comfortable letting an agent use Membrane-mediated authenticated access to your Noticeable account. Use a least-privileged account, avoid raw proxy requests unless necessary, and require explicit confirmation before creating, editing, or deleting Noticeable data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest frames the skill as managing organizations, but the body grants much broader capability: generic action discovery/execution and arbitrary proxy access to the connected Noticeable API. This scope mismatch can cause the agent or user to invoke the skill in situations where they do not expect broad authenticated API access, increasing the chance of over-privileged operations or unintended data access.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The proxy-request feature allows arbitrary authenticated requests to backend endpoints, which is materially broader than the declared purpose of organization management. In an agent setting, this becomes dangerous because it can be used to read, modify, or delete any accessible Noticeable data through opaque paths without task-specific guardrails.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Generic action search and execution lets the agent discover and run any available operation on the connection, not just organization-management actions. That capability expansion weakens least-privilege boundaries and can expose unrelated data or mutation paths if the agent follows broad user prompts or makes poor tool selections.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation text is broad enough that the skill may be selected for many ordinary requests about Noticeable, even when the user did not intend to grant broad authenticated access. Overbroad routing increases the chance that this skill is invoked unnecessarily, exposing data or enabling actions beyond the user's mental model.

Missing User Warnings

Medium
Confidence: 93%
Finding
The markdown instructs the agent to perform direct authenticated API requests but does not warn that such requests may transmit sensitive data externally or perform destructive modifications. In practice, this omission makes unsafe behavior more likely because the agent is given a powerful generic mechanism without explicit safety constraints or consent checkpoints.

VirusTotal

63/63 vendors flagged this skill as clean.
