Sitespeakai

Security checks across malware telemetry and agentic risk

Overview

This is a real SiteSpeakAI integration, but it gives an agent broad authenticated power to change or delete SiteSpeakAI data without clear guardrails.

Install only if you are comfortable giving Membrane delegated access to your SiteSpeakAI account. Use the least-privileged SiteSpeakAI account available, review every POST, PUT, PATCH, or DELETE request before it runs, prefer discovered read-only actions when possible, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium | 95% confidence
Finding:
The manifest and invocation text frame the skill as "Manage Organizations," but the body documents much broader capabilities across chatbots, training data, users, arbitrary action discovery, and general SiteSpeakAI interaction. This scope mismatch can cause the agent or user to authorize or invoke the skill under a narrower trust assumption than the skill actually enables, increasing the risk of unintended access and actions.

Description-Behavior Mismatch

Medium | 97% confidence
Finding:
The proxy-request section explicitly allows arbitrary API calls, including mutating HTTP methods, which materially exceeds a skill described as organization management. This creates a confused-deputy risk where an agent may use the skill for broader read/write operations than the user intended, potentially modifying or deleting SiteSpeakAI resources.

Vague Triggers

Medium | 86% confidence
Finding:
The invocation description says to use the skill whenever the user wants to interact with SiteSpeakAI data, which is broader than the named purpose and can cause over-selection for many routine requests. Overbroad triggering increases the chance the agent will reach for a powerful integration when a narrower or safer path would suffice.

Missing User Warnings

Medium | 94% confidence
Finding:
The documentation describes direct proxy requests with GET/POST/PUT/PATCH/DELETE but provides no caution about destructive effects, approval boundaries, or confirmation requirements. In an agent setting, this omission makes accidental or silent state-changing operations more likely, especially when combined with broad action-discovery guidance.

VirusTotal

65/65 vendors flagged this skill as clean.