Slottable

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Slottable integration, but it gives an agent broad authenticated access that could change or delete business data without clear guardrails.

Install only if you are comfortable letting an agent use a Membrane connection to access Slottable data. Use the least-privileged Slottable/Membrane account available, review the Membrane authorization flow, require confirmation before any create/update/delete request, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill advertises management of specific Slottable data entities, but also exposes a generic authenticated proxy for arbitrary API requests. That materially expands capability beyond the declared scope, increasing the chance an agent uses this skill to access or modify unintended resources through authenticated requests without clear guardrails.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The overview is inconsistent with the manifest, describing a different object model than the entities named in the skill metadata. This kind of scope and capability mismatch can mislead an orchestrating agent into invoking the skill under false assumptions, causing overbroad data access or incorrect actions against the connected service.

Vague Triggers

Medium
Confidence: 80%
Finding
The invocation description is very broad and can cause the skill to be selected for many generic Slottable-related prompts without sufficient constraints. In combination with authenticated actions and proxy support, over-triggering increases the risk of unnecessary access, unintended modifications, or the agent choosing this skill when a narrower, safer path should be used.

VirusTotal

63/63 vendors flagged this skill as clean.