Route4Me

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Route4Me integration, but it gives an agent broad account-changing and raw API powers without enough limits or confirmation guidance.

Install only if you are comfortable letting a Membrane-connected agent access and potentially modify Route4Me account data. Use the least-privileged Route4Me account available, review connection prompts carefully, and require explicit confirmation before deletes, billing or payment changes, API-key actions, account administration, or raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The skill description is broad enough that an agent could invoke it for many generic data-management requests, even when the user did not explicitly intend to operate on Route4Me. Because the skill exposes create, update, delete, and proxy capabilities against a live external service, accidental activation could lead to unintended data access or state-changing operations.

Missing User Warnings

Medium, 91% confidence
Finding
The skill documents broad management capabilities, including destructive and sensitive operations, but does not warn the agent to treat writes, deletes, route changes, territory changes, or direct proxy calls as high risk. In this context, the lack of safety guidance increases the chance that an agent will perform irreversible or business-impacting actions without explicit confirmation or scope checks.

VirusTotal

65/65 vendors flagged this skill as clean.
