Supercast

Security checks across malware telemetry and agentic risk

Overview

This Supercast integration appears legitimate in purpose, but it exposes broad authenticated API access with unclear routing and weak safeguards around changes or deletion.

Review this before installing if your Supercast account contains production member or subscription data. Prefer discovered Membrane actions over raw proxy calls, require explicit confirmation before creating, updating, or deleting anything, and verify that the manifest/invocation text has been corrected to match Supercast rather than unrelated CRM objects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest advertises CRM-style entities like Persons, Deals, Leads, Projects, and Pipelines, but the body of the skill describes Supercast as a podcast subscription platform with Podcasts, Episodes, Organizations, Members, and Shared Audio. This mismatch can cause the agent to invoke the skill in the wrong contexts and take actions against an unrelated integration surface, increasing the chance of unintended data access or incorrect operations.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill exposes a generic proxy request mechanism that allows arbitrary API paths and mutating HTTP methods beyond the narrower, user-facing description of interacting with Supercast data. Even if intended as a fallback, this materially expands capability and can enable unintended reads, writes, or destructive actions that are not constrained by the documented action set.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation text is broad enough to match many generic requests about 'interacting with Supercast data' without defining concrete task boundaries. Over-broad routing increases the risk that an agent selects this skill for ambiguous requests and then uses its more powerful features, including direct API access, in situations the user did not clearly intend.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation presents direct API requests with POST, PUT, PATCH, and DELETE as ordinary options but does not warn that these methods can modify or delete remote data. In an agent setting, omission of such guardrails can lead to accidental destructive actions because the model is encouraged to use the proxy without a confirmation or safety boundary.

VirusTotal

65/65 vendors flagged this skill as clean.
