Rippling HR

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Rippling HR integration, but it gives an agent sensitive HR access and mutation authority without clear approval boundaries.

Install only if you trust Membrane and intend to let an agent work with Rippling HR. Use a least-privilege Rippling/Membrane account, confirm every create, update, delete, approve, or deny action before it runs, avoid raw proxy requests unless you understand the endpoint and method, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a Rippling HR integration, but these lines explicitly enable generic direct API proxying beyond the curated HR actions. That broadens the effective capability from scoped HR operations to arbitrary authenticated requests, increasing the chance of misuse, overreach, and access to unintended endpoints or sensitive data.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documentation says unknown URLs can cause a new app to be created and a connector to be built automatically, which exceeds the stated purpose of interacting with Rippling HR data. This creates a broader platform-management and arbitrary integration capability that could be abused to pivot into other services or establish unintended external connections.

Missing User Warnings

Medium
Confidence: 92%
Finding
These sections advertise state-changing and destructive HR actions such as creating leave requests, creating/updating/deleting groups, and processing leave requests without any requirement for confirmation, authorization checks, or human review. In an HR context, such actions can directly affect employee records, permissions, workflows, and payroll-adjacent operations, making silent execution especially risky.

VirusTotal

65/65 vendors flagged this skill as clean.
