Plain

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it asks for authenticated Plain access while giving conflicting descriptions of what data it manages and allowing broad API actions.

Only install this after confirming which Plain product and account data it is meant to access. If you use it, prefer listed Membrane actions, require explicit confirmation before creating, updating, or deleting anything, avoid raw proxy requests unless you understand the exact API call, and use the least-privileged Membrane/Plain connection available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High, 98% confidence

Finding
The skill metadata says this integration manages CRM entities like persons, organizations, deals, and leads, but the body documents a different product and object model entirely. This mismatch can cause an agent to invoke the skill in the wrong user context, leading to unintended API actions, data access, or disclosure against an unrelated connected service.

Intent-Code Divergence

High, 97% confidence

Finding
The inline documentation explicitly describes a different Plain product than the manifest claims, which makes the skill materially deceptive from an agent-routing and user-consent perspective. In practice, this increases the chance of wrong-tool selection, mis-scoped operations, and user authorization being applied to a service the user did not intend to access.

Vague Triggers

Medium, 84% confidence

Finding
The activation condition 'Use when the user wants to interact with Plain data' is overly broad and, combined with the product confusion in this file, increases the chance that an agent selects this skill for ambiguous requests. Over-broad routing can expose or modify data in the wrong system because the skill does not narrowly define supported tasks or product boundaries.

VirusTotal

63/63 vendors flagged this skill as clean.
