Publisherkit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate PublisherKit integration, but it gives the agent broad authenticated access that can modify or delete PublisherKit data without clear safeguards.

Install only if you trust Membrane and intend to let an agent manage PublisherKit content through your account. Connect the narrowest account or workspace available, review the exact action, endpoint, method, and target before any write/delete/proxy request, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch (Medium, 97% confidence)

Finding: The manifest says the skill manages Organizations, Leads, Users, Goals, and Filters, but the body documents a different PublisherKit object model: Accounts, Workspaces, Brands, Templates, Campaigns, and Posts. This mismatch can cause the orchestrator or user to invoke the skill under false assumptions, leading to over-broad access and actions on resources that were not clearly declared.

Description-Behavior Mismatch (Medium, 98% confidence)

Finding: The skill presents itself as managing specific PublisherKit data, but it also exposes a generic authenticated proxy for arbitrary API paths. That effectively expands the skill from a scoped integration into near-unbounded API access, which can bypass higher-level action constraints and enable unintended reads, writes, or destructive operations.

Vague Triggers (Medium, 86% confidence)

Finding: The invocation description is broad enough that the skill may be selected for generic data-management requests without clear scoping to safe, intended operations. In an agentic environment, overly broad routing language increases the chance of accidental invocation and use of connected credentials in contexts the user did not specifically intend.

Missing User Warnings (Medium, 90% confidence)

Finding: The documentation advertises delete operations for multiple entity types without any warning, confirmation requirement, or guidance on safe handling. In an autonomous or semi-autonomous workflow, this raises the risk of irreversible destructive actions being taken too casually or without sufficient user awareness.

Missing User Warnings (Medium, 96% confidence)

Finding: The proxy section tells the agent how to send arbitrary authenticated requests but omits any caution about the sensitivity of that capability. Because the proxy can reach arbitrary endpoints with valid auth, the missing warning materially increases the chance of unsafe exfiltration, privilege misuse, or destructive API calls.

VirusTotal

VirusTotal findings are pending for this skill version.
