Serverless

Security checks across malware telemetry and agentic risk

Overview

This Serverless integration is not deceptive, but it gives an agent broad authenticated control over sensitive cloud resources without clear approval boundaries.

Install only if you intend to let Membrane-mediated agent actions access your Serverless account. Use a least-privilege connection, verify the CLI before global installation, require manual confirmation for create/update/delete, deployment, billing, secret, role, policy, and raw proxy calls, and revoke the connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
88% confidence
Finding
The manifest frames the skill as interacting with 'Serverless data,' but the body grants broad operational control over infrastructure resources and arbitrary API proxying. This mismatch can cause the agent to invoke the skill in contexts where users did not intend broad administrative actions, increasing the chance of over-privileged or destructive operations.

Vague Triggers

Medium
84% confidence
Finding
The invocation guidance 'Use when the user wants to interact with Serverless data' is overly broad and can match many loosely related requests. In an agent setting, broad routing language increases accidental activation of a skill that has powerful infrastructure-management and API-execution capabilities.

Missing User Warnings

Medium
95% confidence
Finding
The skill explicitly documents raw proxy access with GET, POST, PUT, PATCH, and DELETE and does not require confirmation, scope checks, or warnings for destructive or privacy-impacting calls. Because the proxy automatically injects authentication and targets the connected service, an agent could perform arbitrary authenticated actions against production resources with little friction.

VirusTotal

63/63 vendors flagged this skill as clean.