Webflow

Security checks across malware telemetry and agentic risk

Overview

This Webflow skill is coherent, but it gives an agent broad live Webflow read/write and raw API access without enough built-in scoping or confirmation guidance.

Install only if you trust Membrane and intend to let an agent operate on your Webflow account. Use the least-privileged Webflow account available, confirm the exact site and action before any create/update/delete or proxy request, and revoke the Membrane/Webflow connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill advertises a Webflow-specific site-management integration, but the documented proxy feature enables arbitrary Webflow API access beyond the listed actions. That scope expansion increases the chance an agent will perform unintended reads or writes outside the user's expected task boundary, especially because the proxy supports direct endpoint access rather than a constrained action set.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill is branded as a Webflow integration, but it instructs the agent to create connections from arbitrary app URLs or domains. This broadens capability from a single-service integration into a generic connector bootstrap flow, which could be abused to pivot into unrelated third-party systems and exceed the user's reasonable expectations for this skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation explicitly supports raw proxy requests with POST, PUT, PATCH, and DELETE, but it does not warn that these methods can modify or delete production content. In an agent setting, omission of guardrails around destructive methods makes accidental or unauthorized state changes materially more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
