ClawHub

Postalytics

Security checks across malware telemetry and agentic risk

Overview

This Postalytics skill is not malicious, but it should be reviewed because it gives an authenticated agent broad Postalytics access, including write and delete-capable API calls, without clear scoping or confirmation guidance.

Install only if you are comfortable giving an agent broad access to your Postalytics account through Membrane. Prefer curated Membrane actions, require explicit approval before any POST, PUT, PATCH, or DELETE request, avoid broad contact or campaign exports unless needed, and revoke the Membrane/Postalytics connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest and description frame the skill as managing organizations or interacting with Postalytics data generally, but the body exposes much broader capabilities across campaigns, lists, templates, automations, contacts, deliveries, users, and account operations. This scope mismatch can cause an agent or user to invoke the skill under a narrower trust assumption than the actual privileges and side effects it enables.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill explicitly documents arbitrary proxied API requests, including POST, PUT, PATCH, and DELETE, while its high-level description does not warn that it can perform unrestricted state-changing operations. This creates a dangerous capability gap where an agent may treat the skill as a routine data-access integration but actually gain a generic write/delete interface to the Postalytics account.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to match many general requests about Postalytics data, without constraining resource types or read-versus-write behavior. Broad routing language increases the chance the agent selects this skill in situations where the user did not intend account modification or broad API access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explains how to run actions and send direct API requests, including arbitrary HTTP methods, but omits any warning that these operations may create, update, or delete Postalytics data. Without explicit side-effect warnings, an agent may execute mutating commands as if they were safe retrieval steps, increasing the risk of unintended account changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal