Postman

Security checks across malware telemetry and agentic risk

Overview

The Postman skill matches its API-testing purpose, but it can silently start onboarding and persist API workflow details without clear user consent.

Review this before installing if your API work involves private services or credentials. Use fake sample data, avoid committing environment files or test fixtures with real secrets, do not use TLS-bypass flags outside controlled debugging, and only allow memory persistence if you are comfortable with API project names, auth patterns, and environment conventions being retained locally or in agent memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation includes examples with passwords in CSV/JSON test data and a token passed directly via environment-variable substitution, but it does not warn that these values are secrets that can be exposed through source control, CI logs, exported reports, shell history, or shared example files. In a CI/testing skill centered on API automation, this is especially risky because users commonly copy examples verbatim into pipelines and repositories.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill documents `--insecure` and `-k` as useful flags without any warning that they disable TLS certificate verification, which can enable man-in-the-middle attacks and cause users to accept spoofed endpoints. In an API testing/automation context, normalizing this option is dangerous because it may be copied into CI or shared scripts that handle authenticated requests and sensitive data.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill activates based on local filesystem state (`~/postman/`) rather than explicit user intent, which can cause the setup behavior to run unexpectedly and alter the assistant’s behavior without a clear user request. This is risky because hidden activation conditions reduce transparency, can surprise users, and may trigger data collection or persistence flows in contexts where the user did not consent to onboarding or setup actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to save workflow details to `~/postman/memory.md` and MAIN memory without clearly informing the user or requesting consent. Persisting API projects, authentication patterns, and environment conventions can expose sensitive operational metadata over time, especially in API contexts where project names, auth schemes, and environment details may reveal internal infrastructure.

VirusTotal

66/66 vendors flagged this skill as clean.
