Smaily

Security checks across malware telemetry and agentic risk

Overview

This Smaily skill is a real, disclosed Membrane integration, but it gives broad authenticated API access without clear boundaries or confirmation rules.

Install only if you trust Membrane-mediated access to the intended Smaily account. Require the agent to confirm the exact connection and get explicit approval before any write, delete, bulk contact, campaign, domain, form, user, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest description claims CRM-style capabilities like managing Persons, Organizations, Deals, Activities, Notes, and Files, but the body documents Smaily email-marketing resources instead. This mismatch can cause an orchestrator or user to invoke the skill under false assumptions, leading to unintended access patterns or operations against the wrong system scope.

Description-Behavior Mismatch

Low
Confidence: 88%
Finding
The skill is described as interacting with Smaily data, but it also explicitly allows arbitrary direct API requests through a generic proxy. That expands capability from bounded, discoverable actions to effectively broad API access, which can bypass intended guardrails and enable sensitive or destructive operations not apparent from the manifest.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description is broad enough that the skill may be selected for many generic mentions of Smaily without clear task boundaries. Over-broad routing increases the chance of unnecessary tool use and accidental execution of actions in contexts where the user did not intend operational access.

VirusTotal

65/65 vendors flagged this skill as clean.
