ClawHub

Instantly

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Instantly.ai integration through ClawLink, but users should treat setup and account-administration tools as sensitive.

Install only if you trust ClawLink and are comfortable giving it access to your Instantly workspace. Confirm exactly which campaign, lead, webhook, API key, or account action will run before approving writes, and avoid DFY password retrieval unless you specifically need account-provisioning administration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to install a plugin, modify OpenClaw configuration, and restart the gateway, which are host-environment administrative actions outside normal Instantly campaign use. This expands the skill's authority from SaaS operations to local system/tooling changes, creating a path for unintended privilege expansion or disruption if followed automatically.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill states that all write operations require explicit confirmation, but elsewhere provides imperative setup steps that change configuration and restart the gateway without the same safeguard. This inconsistency can cause an agent or user to trust the safety claims while still performing impactful local changes without a confirmation boundary.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Exposing API key creation and deletion gives the skill administrative credential-management capability beyond ordinary campaign execution. If misused, an agent could mint persistent credentials, broaden access, or remove existing keys, affecting security beyond the immediate task context.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The DFY account-order tools include access to email account information and even optional password retrieval, which is highly sensitive and not necessary for ordinary campaign management. In this context, exposing credential-adjacent data materially increases the risk of account takeover, lateral movement, or unauthorized access to external mail infrastructure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal