Onedesk

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OneDesk integration, but it gives broad authenticated access to live business data without clear limits or confirmation rules.

Review before installing. Use it only with the intended OneDesk account, prefer discovered read-only actions first, explicitly approve any create, update, or delete operation, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest and description frame the skill as managing Organizations, but the body documents access to many OneDesk object types and generic action execution. This mismatch can cause the agent or user to invoke the skill under a narrower trust assumption than its actual capabilities, increasing the chance of unintended data access or modification.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The proxy section enables arbitrary direct API requests, which materially expands the skill beyond a constrained integration into a general-purpose authenticated API client. In a skill advertised narrowly, this hidden breadth is dangerous because it can be used to access, modify, or delete any reachable OneDesk resource through the user's authenticated connection.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough that the skill may be selected for many generic requests involving OneDesk data, even when the user did not intend broad account access. Overbroad routing increases exposure because the skill includes mechanisms for expansive data operations once invoked.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs agents to run actions and direct API requests, including methods like POST, PUT, PATCH, and DELETE, without warning that these may alter or destroy remote OneDesk data. In an agent context, omission of mutation warnings and confirmation requirements makes accidental destructive actions significantly more likely.

VirusTotal

65/65 vendors flagged this skill as clean.