Osano

Security checks across malware telemetry and agentic risk

Overview

This is a real Osano/Membrane integration, but it gives an agent broad authenticated access to sensitive privacy-compliance data without enough guardrails.

Install only if you trust Membrane and intend to let an agent work with Osano data. Use a least-privilege Osano/Membrane connection, verify the account and endpoint before each operation, and require explicit confirmation before any raw proxy call or any POST, PUT, PATCH, or DELETE action. Consider pinning or reviewing the Membrane CLI package rather than installing the latest global version blindly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill is named and described as "Osana," but the body clearly documents Osano, a different privacy platform. This identity mismatch can cause the agent or user to connect to the wrong service, invoke unintended actions, or mishandle sensitive privacy/compliance data under false assumptions. In a skill that can manage records and automate workflows, service confusion is operationally risky and can lead to data exposure or destructive actions against the wrong target.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The invocation trigger "Use when the user wants to interact with Osana data" is overly broad and underspecified for a skill with network access, workflow automation, and record-management capabilities. Broad routing language increases the chance the agent invokes this skill in ambiguous contexts and performs actions on privacy/compliance data without sufficient confirmation of user intent or scope. Because this integration can potentially read or modify regulated data, accidental invocation is more dangerous than in a read-only or low-sensitivity skill.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation exposes a generic proxy request capability and mutation-capable HTTP methods without any warning about destructive operations, scope validation, or user confirmation. This makes it easier for an agent to bypass safer pre-built actions and issue arbitrary API calls that could alter consent settings, breach records, vendor data, or other sensitive compliance information. In the context of a privacy platform, undocumented direct-write access is especially risky because mistakes can create compliance, legal, and data integrity issues.
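The Overview recommends verifying the account and endpoint before each operation and requiring explicit confirmation before any raw proxy call or any POST, PUT, PATCH, or DELETE, and the "Missing User Warnings" finding notes that the skill itself provides none of this. The following pre-flight gate is an added example written for this page; it is not code from the skill, from Membrane, or from Osano. The allowlisted host `api.osano.example`, the account id `acct-privacy-prod`, and the `Call` fields are assumptions standing in for whatever the real connection exposes.

```python
"""Pre-flight gate for agent-issued Osano/Membrane calls (added example, not the skill's code)."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed values: substitute the real Osano API host and the account id the
# connection is supposed to be bound to. Neither comes from the skill page.
ALLOWED_HOSTS = frozenset({"api.osano.example"})
EXPECTED_ACCOUNT = "acct-privacy-prod"

# Methods the Overview says must never run without explicit confirmation.
MUTATING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


@dataclass(frozen=True)
class Call:
    method: str
    url: str
    account: str             # account id reported by the active connection
    raw_proxy: bool = False  # True when the agent bypasses the pre-built actions
    confirmed: bool = False  # True only after an explicit human confirmation


@dataclass(frozen=True)
class Decision:
    outcome: str  # "allow", "confirm" or "deny"
    reason: str


def gate(call: Call) -> Decision:
    """Decide whether an agent-proposed call may proceed.

    Order matters: identity and endpoint checks deny outright, because no
    confirmation can make a call against the wrong account or host safe.
    Mutations and raw proxy calls are then held for explicit confirmation.
    """
    method = call.method.upper()
    if call.account != EXPECTED_ACCOUNT:
        return Decision("deny", f"connection bound to {call.account!r}, expected {EXPECTED_ACCOUNT!r}")

    parts = urlsplit(call.url)
    if parts.scheme != "https":
        return Decision("deny", f"non-https scheme {parts.scheme!r}")
    if "@" in parts.netloc:
        return Decision("deny", "credentials embedded in URL")
    if parts.hostname not in ALLOWED_HOSTS:
        return Decision("deny", f"host {parts.hostname!r} is not an allowlisted Osano endpoint")

    if call.raw_proxy or method in MUTATING_METHODS:
        if not call.confirmed:
            what = "raw proxy call" if call.raw_proxy else f"{method} request"
            return Decision("confirm", f"{what} to {parts.path} needs explicit user confirmation")
        return Decision("allow", f"{method} {parts.path} confirmed by user")

    return Decision("allow", f"read-only {method} {parts.path}")


def review(calls):
    """Run the gate over a batch of proposed calls and return one outcome per call."""
    return [gate(c).outcome for c in calls]


# Constructed sample of calls an agent might propose; not real traffic.
SAMPLE_CALLS = [
    Call("GET", "https://api.osano.example/v1/consents", EXPECTED_ACCOUNT),
    Call("DELETE", "https://api.osano.example/v1/vendors/123", EXPECTED_ACCOUNT),
    Call("DELETE", "https://api.osano.example/v1/vendors/123", EXPECTED_ACCOUNT, confirmed=True),
    Call("GET", "https://api.osano.example/v1/anything", EXPECTED_ACCOUNT, raw_proxy=True),
    Call("GET", "https://api.osano.example/v1/consents", "acct-sandbox"),
    Call("GET", "http://api.osano.example/v1/consents", EXPECTED_ACCOUNT),
    Call("GET", "https://evil.example/v1/consents", EXPECTED_ACCOUNT),
]

if __name__ == "__main__":
    for c in SAMPLE_CALLS:
        d = gate(c)
        print(f"{d.outcome:8} {c.method:6} {c.url}  ({d.reason})")
```

Wire `gate()` in front of whatever actually sends the request, and treat a `confirm` outcome as a hard stop until a human has seen the method, path, and target account; a confirmation prompt that the agent can answer for itself adds nothing. The account check runs first on purpose: an agent that has been pointed at the wrong Osano tenant (the "Osana"/Osano mix-up above is one way that happens) should be refused even for reads.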

VirusTotal

65/65 vendors flagged this skill as clean.
