Sendoso

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Sendoso integration, but it gives an agent broad authenticated ability to send gifts or invite users without clear safety checkpoints.

Install only if you trust Membrane and intend to let an agent operate your Sendoso account. Before any send, eGift, user invitation, or proxy request, confirm the recipient, message, campaign, budget or cost impact, and permissions. Use the least-privileged Sendoso account practical and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest description says the skill manages unrelated CRM-style entities such as Persons, Organizations, Deals, Leads, Projects, and Activities, while the rest of the file clearly targets Sendoso gifting operations. This mismatch can cause the agent to invoke the skill for requests outside its real scope, leading to unintended actions or confused data handling in the wrong business context.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough that an agent may select this skill for generic Sendoso-related requests without clear boundaries on read-only versus write operations or on which objects are actually supported. Because the skill can create sends and issue direct API requests, overbroad routing increases the chance of unintended live actions against a production Sendoso environment.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explains how to run create actions and arbitrary proxy requests against the Sendoso API, but it does not warn that these operations can modify real production data, trigger gifts, or send invitations. In an agent setting, that omission materially raises the risk of accidental state changes, financial cost, or unauthorized outreach because the instructions normalize direct execution without safety checkpoints.

VirusTotal

65/65 vendors flagged this skill as clean.
