Reward Sciences

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Reward Sciences integration, but it gives broad authenticated account access with weak guardrails around write and delete operations.

Install only if you trust Membrane and intend to let an agent access your Reward Sciences account. Use read-only discovery first, require explicit confirmation before creating, updating, or deleting anything, verify endpoint paths and object IDs for proxy calls, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The manifest and top-level description say the skill manages CRM-style entities like Persons, Organizations, Deals, Leads, Projects, and Activities, but the body of the skill is for Reward Sciences reward-program APIs. This mismatch can cause an agent to invoke the skill in the wrong context and then send queries or mutating requests to an unrelated external system, creating a real risk of unintended data access or modification.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation description is broad enough that an agent may select this skill for generic Reward Sciences-related requests without sufficient confirmation of the user's intent or the target account. In combination with network access and action execution, overbroad triggering increases the chance of unnecessary external data exposure or accidental operations.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly documents direct proxy requests with mutating HTTP methods like POST, PUT, PATCH, and DELETE, but does not require confirmation, dry-run behavior, or warnings about destructive effects. That makes it easier for an agent to perform state-changing API calls directly against the connected service, including accidental deletion or unauthorized modification of reward data.

VirusTotal

65/65 vendors flagged this skill as clean.
