Optimoroute

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OptimoRoute integration, but it gives an agent broad authenticated power to change live business data without clear safeguards.

Install only if you trust Membrane and intend to let an agent operate on your OptimoRoute account. Use the least-privileged OptimoRoute/Membrane connection available, require the agent to show the exact action or endpoint, method, connection ID, and payload before any write or delete, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest says the skill is for managing Organizations, but the body enables broad OptimoRoute access across orders, drivers, vehicles, planning, analytics, and even raw proxy requests. This scope mismatch can cause an orchestrator or user to invoke the skill under narrower assumptions than what it can actually do, increasing the chance of unintended data access or actions.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill advertises a narrow purpose but later explicitly permits arbitrary action discovery and direct API proxying. That combination materially expands its effective authority beyond the declared use case, making it easier to perform unexpected reads or writes against the user's OptimoRoute environment.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough to match many generic OptimoRoute-related requests, while the skill itself has potentially wide operational reach. Over-broad routing criteria raise the risk that this skill is selected for tasks users did not intend to delegate to such a powerful integration.

VirusTotal

65/65 vendors flagged this skill as clean.
