ClawHub

Pipefy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Pipefy integration, but it exposes broad authenticated write/delete and raw API access without clear safety guardrails.

Install only if you trust Membrane and intend to let an agent manage Pipefy using your account's permissions. Use the least-privileged Pipefy account available, review connection scopes, avoid raw proxy requests unless necessary, and require explicit confirmation before deleting, moving, or bulk-updating cards or table records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest says the skill manages Organizations, Users, and Filters, but the body documents much broader capabilities including cards, pipes, tables, comments, record deletion, and arbitrary API proxying. This scope mismatch can mislead routing or approval logic and cause the skill to be invoked for broader, higher-risk operations than the metadata suggests.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The proxy request section enables arbitrary authenticated requests to the Pipefy API, which materially expands the skill from curated actions to near-full API access. Because the manifest presents a narrower purpose, this hidden generality increases the risk of unintended data access, mutation, or destructive operations beyond what a user or orchestrator may expect.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is broad enough to trigger on many generic Pipefy requests, while the skill actually supports a wide set of actions including writes and deletions. Overbroad invocation criteria increase the chance that an agent selects this skill in contexts where narrower tools or additional user confirmation would be safer.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises destructive actions such as deleting cards and table records without any warning, confirmation requirement, or safety guidance. In an agentic setting, exposing deletion capabilities without explicit safeguards raises the likelihood of accidental or unauthorized destructive changes to business workflow data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal