ClawHub

Yuki

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Yuki integration, but it gives an agent broad authenticated ability to change or delete Yuki data through Membrane without clear built-in limits or confirmation steps.

Install only if you trust Membrane and want an agent to operate on Yuki data. Use a least-privileged Yuki/Membrane account where possible, review or pin the Membrane CLI install if your environment requires supply-chain control, and require explicit approval before create, update, delete, or raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal