Sare

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SARE/Membrane integration, but it gives broad authenticated access to business/customer data without enough guardrails for changes or deletions.

Review before installing. Use a least-privileged SARE account, prefer Membrane’s discovered actions over raw proxy requests, and require explicit confirmation before creating, updating, deleting, sending campaigns, or using POST/PUT/PATCH/DELETE. Revoke the Membrane/SARE connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium, 96% confidence
Finding
The skill metadata says it manages CRM-style entities like Persons, Organizations, Deals, and Projects, but the body documents a different SARE marketing-automation surface and also exposes generic API access. This mismatch can cause the agent to invoke the skill under false assumptions, leading to overbroad or unintended operations against an external service.

Context-Inappropriate Capability

Medium, 97% confidence
Finding
The proxy section allows direct requests to arbitrary SARE API paths with GET, POST, PUT, PATCH, and DELETE, which expands capability far beyond the narrowly described record-management purpose. This bypasses safer pre-built actions and can enable destructive changes, access to unexpected endpoints, or misuse of the authenticated connection with little policy guidance.

Vague Triggers

Medium, 87% confidence
Finding
The activation description is broad enough to match many generic requests involving SARE, increasing the chance the skill is selected when the user's intent is ambiguous or narrower than the skill's real capabilities. In combination with connection setup and broad API features, over-triggering raises the risk of unintended external actions.

Missing User Warnings

Medium, 94% confidence
Finding
The documentation presents direct API requests, including mutating methods, as a normal fallback without warning that they can create, update, or delete production data. That omission makes unsafe operations more likely, especially when an agent may treat these commands as routine implementation details rather than high-risk actions.

VirusTotal

63/63 vendors flagged this skill as clean.
