Originalityai

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Originality.ai integration, but it asks for broad authenticated Membrane access and gives agents loosely scoped ways to act on the account.

Install only if you are comfortable granting Membrane delegated access to your Originality.ai account. Use it for specific user-requested tasks, prefer discovered read-only or narrow Membrane actions, and require explicit confirmation before sending document content, spending credits, changing users or workspaces, or using raw proxy requests with non-GET methods.
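The confirmation rule above is easiest to enforce before an action reaches Membrane rather than by hoping the agent remembers it. The following gate is an added example written for this page; it is not code from Originality.ai, Membrane, or SkillSpector. It assumes the agent hands over each proposed call as a dict with an `action` name, optional `params`, and for raw proxy calls a `method` and `path`; the action names in the two allowlists are hypothetical placeholders for whatever the skill discovers at runtime. Unknown or missing methods are treated as needing confirmation rather than as GET, so a request that omits its method cannot slip through as read-only.

```python
"""Pre-execution policy gate for agent calls into a skill like the Originality.ai one.

Added example, not code from the page, Originality.ai, Membrane, or SkillSpector.
Assumed request shape: {"action": str, "params": dict, "method": str, "path": str}.
The action names below are hypothetical placeholders.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"      # narrow, read-only: run without asking
    CONFIRM = "confirm"  # needs explicit user confirmation first
    DENY = "deny"        # malformed request, never run


# Read-only, narrowly scoped actions (hypothetical names). Nothing outside this
# set is auto-approved, which is the "prefer discovered read-only actions" rule.
READ_ONLY_ACTIONS = {"scan.list", "scan.get", "scan_result.get", "credits.get"}

# Actions that send document content, spend credits, or change users/workspaces
# (hypothetical names matching the page's confirm-before list).
CONFIRM_ACTIONS = {
    "scan.create", "document.submit",
    "user.create", "user.delete", "workspace.update",
}

# HTTP methods considered safe for the raw proxy action.
SAFE_METHODS = {"GET", "HEAD"}


@dataclass(frozen=True)
class Verdict:
    decision: Decision
    reason: str


def gate(request: dict) -> Verdict:
    """Decide whether a proposed Membrane action may run, must be confirmed, or is refused."""
    action = request.get("action")
    if not isinstance(action, str) or not action:
        return Verdict(Decision.DENY, "missing action name")

    if action == "proxy.raw":
        # Raw proxy: the HTTP method decides. A missing or non-string method is
        # not assumed to be GET; it goes to the user instead.
        method = request.get("method")
        if not isinstance(method, str) or not method:
            return Verdict(Decision.CONFIRM, "raw proxy without an explicit method")
        method = method.upper()
        if method in SAFE_METHODS:
            return Verdict(Decision.ALLOW, f"raw proxy {method} is read-only")
        return Verdict(Decision.CONFIRM, f"raw proxy {method} can change state or spend credits")

    if action in READ_ONLY_ACTIONS:
        return Verdict(Decision.ALLOW, "read-only action")
    if action in CONFIRM_ACTIONS:
        return Verdict(Decision.CONFIRM, "sends content, spends credits, or changes users/workspaces")

    # Dynamically discovered action the gate has never seen: the skill says
    # "use action names as needed"; the gate instead defaults to asking.
    return Verdict(Decision.CONFIRM, f"unrecognised action {action!r}; not auto-approved")


def review_plan(plan: list[dict]) -> list[Verdict]:
    """Gate every step of an agent's planned sequence of calls."""
    return [gate(step) for step in plan]


if __name__ == "__main__":
    # Constructed sample plan, not captured from any real agent session.
    sample_plan = [
        {"action": "credits.get"},
        {"action": "proxy.raw", "method": "get", "path": "/scans"},
        {"action": "proxy.raw", "method": "POST", "path": "/scans", "params": {"content": "..."}},
        {"action": "proxy.raw", "path": "/scans"},
        {"action": "workspace.update", "params": {"id": "ws-1"}},
        {"action": "report.export"},
    ]
    for step, verdict in zip(sample_plan, review_plan(sample_plan)):
        print(f"{verdict.decision.value:8} {step.get('action')!s:18} {verdict.reason}")
```

The gate is deliberately default-deny-to-confirmation: only a short, hand-reviewed list of read-only actions runs unattended, and raw proxy calls are judged by method after normalising case, which covers the "non-GET methods" rule without trusting the agent's own description of what a call does.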

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

Finding
The skill metadata claims it manages Documents, Users, and Workspaces, but the body describes Scan, Scan Result, and Credit operations instead. This mismatch can cause an agent to invoke the skill under incorrect assumptions, increasing the chance of unintended actions, mishandled data, or use outside the user's intended scope.

Vague Triggers

Severity: Medium
Confidence: 88%

Finding
The invocation guidance is too broad: 'Use when the user wants to interact with Originality.ai data' does not constrain which operations are allowed, when user confirmation is needed, or which data domains are in scope. In agent settings, vague routing criteria can lead to over-invocation of a networked skill and to actions being taken without sufficient task-to-capability validation.

Vague Triggers

Severity: Low
Confidence: 91%

Finding
The instruction 'Use action names and parameters as needed' provides no safety constraints, approval requirements, or schema-validation guidance. That ambiguity can cause an agent to select overly privileged or destructive actions, especially in a skill that can discover and execute remote actions dynamically.

VirusTotal

0 of 65 VirusTotal vendors flagged this skill; all 65 reported it clean. Note that VirusTotal engines scan the packaged artifact for known malware signatures; they do not evaluate prompt-injection risk, trigger scoping, or permission breadth, so a clean result does not address the SkillSpector findings above.