Routable

Security checks across malware telemetry and agentic risk

Overview

This Routable skill is a real integration pattern, but it gives an agent broad write-capable access to financial workflows without clear safety boundaries.

Install only if you intend to let the agent use a Routable account for AP-related work. Require explicit confirmation before any action that creates, updates, approves, pays, or deletes financial records, and prefer curated Membrane actions over raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
92% confidence
Finding
The skill claims to target Routable accounts-payable use cases, but the documented object/model list spans many unrelated operational domains and generic software concepts. This scope mismatch can mislead an agent into over-trusting the skill's capabilities and using it for actions far beyond the user-expected financial context, increasing the chance of unsafe or unauthorized operations.

Context-Inappropriate Capability

Medium
96% confidence
Finding
The proxy-request section explicitly enables arbitrary direct requests to Routable endpoints, bypassing curated actions and their safety affordances. That materially expands capability to any authenticated API operation, including sensitive reads, writes, or destructive changes, with little guidance on authorization checks or safe-use constraints.

Vague Triggers

Medium
87% confidence
Finding
The invocation description is overly broad: 'interact with Routable data' can match many ambiguous user requests without clarifying safe task boundaries. In an agent-routing context, this can cause over-invocation of a powerful external integration and increase the chance of unintended data access or modification.

Missing User Warnings

Medium
94% confidence
Finding
The documentation teaches direct proxy access but does not warn that the same mechanism can issue POST, PUT, PATCH, or DELETE requests that change or delete data. Without a clear caution or confirmation requirement, an agent may treat proxying as routine and perform irreversible operations without adequate user awareness.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
