Switchboard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Switchboard/Membrane integration, but it gives an agent broad authenticated power over Switchboard data and API endpoints without clear limits or confirmation steps.

Install only if you intend to let an agent operate inside your Switchboard account through Membrane. Use a least-privileged account or tenant, prefer discovered Membrane actions over raw proxy calls, explicitly review any endpoint and payload before write or delete operations, and revoke the Membrane/Switchboard connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Severity: Medium. Confidence: 89%.
The manifest advertises a narrower scope ('Manage Organizations, Users') while the body of the skill enables materially broader operations, including calls, settings, call history, and direct API access. This scope mismatch can cause an agent or user to invoke the skill under the assumption of limited access, when it can actually reach additional sensitive telecom and administrative data.

Context-Inappropriate Capability

Severity: Medium. Confidence: 94%.
Documenting arbitrary proxied HTTP requests gives the skill a generic capability to access any reachable Switchboard endpoint through authenticated context, far beyond the narrowly described use case. This undermines least privilege and can enable unintended reads or writes to sensitive telephony, configuration, or account resources if an agent follows the guidance loosely.

Vague Triggers

Severity: Medium. Confidence: 80%.
The invocation text is broad enough that an orchestrator may select this skill for generic requests involving 'Switchboard data,' even when the user's intent is ambiguous or outside the safe intended workflow. Over-broad triggering increases the chance that a powerful integration is used unnecessarily, exposing more data or actions than required.

VirusTotal

63/63 vendors flagged this skill as clean.