Zip Archive Api

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane-based Zip Archive API integration, with expected account-connection and API-request risks but no evidence of hidden or malicious behavior.

Install only if you trust Membrane and the npm CLI package. Connect only the intended account, and review any create, update, delete, or raw proxy request before letting the agent run it.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Description-Behavior Mismatch

Medium (95% confidence)

Finding
The skill is scoped as a Zip Archive API integration, but its documented connection flow explicitly allows creating connectors for arbitrary apps when no known app matches the supplied URL. That expands the skill from a narrow archive API integration into a general external-app connector, which can let an agent access unintended services and violate user expectations or least-privilege boundaries.

Context-Inappropriate Capability

Medium (96% confidence)

Finding
The proxy request section grants arbitrary HTTP method, endpoint, header, query, and body control, effectively turning the skill into a general-purpose authenticated HTTP client. In the context of a narrowly branded Zip Archive API skill, this enables actions far beyond archive management, including invoking undocumented, sensitive, or destructive endpoints through inherited credentials.

Vague Triggers

Medium (82% confidence)

Finding
The invocation guidance says to use the skill whenever the user wants to interact with Zip Archive API data, which is broad and underspecified. Loose trigger criteria can cause the agent to select this skill in contexts where its networked and authenticated capabilities are unnecessary, increasing the chance of overreach or unintended external actions.

VirusTotal

VirusTotal findings are pending for this skill version.
