Signpath

Security checks across malware telemetry and agentic risk

Overview

This SignPath skill is not clearly malicious, but it grants broad authenticated API access with weak scoping, and its manifest description does not match the behavior the skill actually implements.

Review before installing. Only use this skill if you intend to give an agent authenticated access to SignPath through Membrane, and be especially careful with raw proxy requests or any operation that modifies or deletes signature requests, documents, templates, or users. The publisher should correct the CRM-style description and add clearer limits or confirmation requirements for mutating API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The skill advertises a scoped SignPath integration but then explicitly enables arbitrary proxied API requests to any endpoint exposed through the connection. That broadens capability beyond the declared data model and can let an agent perform unreviewed operations, increasing the risk of unintended data access, destructive changes, or use of undocumented endpoints.

Intent-Code Divergence

High
Confidence: 98%
Finding: The manifest says the skill manages Leads, Persons, Organizations, Deals, Projects, and Pipelines, but the body describes SignPath entities like Templates, Signature Requests, Documents, and Users. This mismatch can cause an agent to invoke the skill under false assumptions, leading to incorrect access, confused-deputy behavior, or actions against a different product/data model than the user intended.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger text is so broad that the skill may be selected whenever a user wants to 'interact with SignPath data,' without defining what operations are safe or intended. Overbroad routing increases the chance the agent invokes this skill for sensitive, destructive, or unsupported tasks, especially given the generic action search and proxy features.

VirusTotal

65/65 vendors flagged this skill as clean.