Rapidoc

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives broad authenticated Membrane request and connector authority that is wider than a RapiDoc documentation integration needs.

Review before installing. Use only a least-privileged Membrane account, confirm the exact target domain and connection before use, and require explicit approval before any raw proxy call or any POST, PUT, PATCH, or DELETE request. No hidden code or destructive payload was found in the artifact, but the documented authority is broader than RapiDoc needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The manifest frames this as a RapiDoc-specific integration, but the body of the skill primarily teaches generic Membrane connection management and broad external access patterns. That mismatch can cause the agent to invoke or use the skill beyond the user's expected scope, increasing the chance of unintended external operations and data access.

Context-Inappropriate Capability

Medium, 95% confidence
Finding
Allowing `connection ensure` to create connectors for unknown apps expands the skill from a single-app integration into a generic connector bootstrapper. An agent or attacker could leverage this to establish access paths to arbitrary third-party services unrelated to RapiDoc, violating least privilege and user expectations.

Context-Inappropriate Capability

Medium, 97% confidence
Finding
The raw `membrane request` proxy exposes a generic authenticated HTTP capability that is far broader than a RapiDoc documentation viewer integration requires. In practice, this can be used to access arbitrary endpoints behind a connection, bypass intended action-level constraints, and perform unexpected read or write operations.

Vague Triggers

Medium, 89% confidence
Finding
The description 'Manage data, records, and automate workflows' is generic enough to match many unrelated user requests, making accidental invocation more likely. Because the skill includes broad connection and proxy capabilities, overly broad routing increases the chance that a generic task gets escalated into unnecessary external access.

VirusTotal

65/65 vendors flagged this skill as clean.
