Talend

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent broad authenticated control over Talend through Membrane while its description and safety boundaries are too vague.

Install only if you intend to let an agent use Membrane with your Talend account. Use a least-privilege Talend account, verify the connection, action, method, and endpoint before each use, and require explicit approval before any request that creates, changes, deletes, or administers Talend resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The manifest advertises CRM-style entities like Persons, Organizations, Leads, Deals, Activities, and Notes, but the body documents a generic Talend/Membrane integration with action discovery and raw API access. This capability mismatch can mislead an agent or user about the scope of authority and cause the skill to be invoked in contexts where it has broader-than-expected access.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill explicitly enables arbitrary proxied HTTP requests to Talend endpoints, including any method and custom headers/body, which materially expands capability beyond a narrow 'interact with Talend data' description. In an agent setting, this can be used to reach sensitive administrative or destructive endpoints, exfiltrate data, or perform unintended state-changing actions under the user's authenticated session.

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation description is broad enough that the skill could activate for many generic Talend-related requests, even when the requested task is outside the intended safe workflow. Over-broad routing increases the chance an agent selects this skill and then uses its powerful generic action/proxy features inappropriately.

Missing User Warnings

Medium
Confidence: 90%
Finding
The proxy section describes direct API requests, including destructive methods like POST, PUT, PATCH, and DELETE, without any warning about sensitive data transmission, permission scope, or the risk of modifying production resources. In an autonomous or semi-autonomous agent workflow, that omission makes unsafe execution more likely because dangerous operations are presented as routine.

VirusTotal

65/65 vendors flagged this skill as clean.
