Procfu

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate ProcFu/Membrane integration, but it needs review because it can make broad authenticated API requests, including write and delete operations, beyond the narrow organization/user description.

Install only if you intend to let the agent operate through your ProcFu account via Membrane. Prefer predefined Membrane actions, use the least-privileged ProcFu/Membrane connection available, and require explicit review before any POST, PUT, PATCH, DELETE, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Description-Behavior Mismatch

Medium (91% confidence)

The manifest says the skill is for managing ProcFu Organizations and Users, but the body documents much broader ProcFu functionality including scripts, modules, schedules, logs, action discovery, and direct API access. This scope mismatch can cause an orchestrator or user to invoke the skill under narrower assumptions while the skill actually enables far broader operations, increasing the chance of over-privileged or unintended actions.

Context-Inappropriate Capability

Medium (96% confidence)

The documented `membrane request CONNECTION_ID /path/to/endpoint` capability is a generic authenticated proxy to arbitrary ProcFu API endpoints. In a skill advertised as managing organizations and users, this effectively bypasses higher-level action constraints and can be used to reach unexpected or sensitive endpoints, enabling data access or state changes outside the declared purpose.

Vague Triggers

Medium (83% confidence)

The invocation text, 'Use when the user wants to interact with ProcFu data,' is overly broad and provides little constraint on what kinds of ProcFu operations are in scope. Broad trigger conditions increase the chance the skill is invoked for sensitive or destructive tasks without adequate narrowing, especially given the skill also exposes discovery and proxy mechanisms.

VirusTotal

64/64 vendors flagged this skill as clean.
