Oysterhr

Security checks across malware telemetry and agentic risk

Overview

This OysterHR skill is not deceptive, but it gives an agent broad access to sensitive HR systems without enough built-in limits or confirmation guidance.

Install only if you intend to let an agent operate through Membrane against OysterHR. Use a least-privileged OysterHR account, review every write, delete, export, payroll, permissions, offboarding, or termination action before it runs, and avoid broad searches or raw proxy calls unless the business need is explicit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The manifest description is very broad ('Use when the user wants to interact with OysterHR data'), which can cause the skill to trigger on many ordinary HR-related requests without clearly signaling that it can access or modify highly sensitive employee records. In an HR context, overbroad invocation increases the chance of unnecessary exposure of payroll, benefits, identity, or disciplinary data and of accidental destructive actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation does not warn that this skill operates on privacy- and integrity-sensitive HR data such as employee records, payroll, contracts, disciplinary actions, and compliance documents. Without explicit cautions, an agent may treat requests as routine automation and perform actions or disclose data without sufficient user confirmation or minimization.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents a generic authenticated proxy request capability that can send arbitrary methods and payloads to the OysterHR API, but it does not warn about destructive requests or sensitive-data exfiltration. In an HR platform, this materially increases risk because the proxy can bypass safer curated actions and enable bulk reads, writes, deletions, or policy changes against highly sensitive personnel systems.

VirusTotal

65/65 vendors flagged this skill as clean.
