ClawHub

Rentcast

Security checks across malware telemetry and agentic risk

Overview

This RentCast skill appears legitimate, but it needs review because it can use authenticated Membrane access to run broad RentCast API requests, including write and delete operations, without clear in-skill approval limits.

Install only if you trust Membrane and are comfortable connecting a RentCast account through it. Before use, tell the agent to prefer listed Membrane actions, show the endpoint and payload for any raw proxy request, and get explicit approval before creating, updating, or deleting properties, contacts, leads, or other RentCast records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest frames the skill as limited to managing Properties, Contacts, and Leads, but the body documents broad action discovery and arbitrary proxy access to the RentCast API. This scope mismatch can cause an orchestrating agent or reviewer to underestimate what the skill can actually do, increasing the risk of unintended data access or overbroad use.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill exposes a generic authenticated proxy request mechanism that can reach arbitrary RentCast endpoints beyond the narrowly stated use case. In an agent setting, this bypasses the safety benefits of curated actions and enables broader data access or mutation than a user may expect from the skill description.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation guidance says to use the skill whenever the user wants to interact with RentCast data, which is broad and underspecified. Overbroad triggering can cause the agent to invoke this skill in situations where a narrower or safer workflow would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal