Publish Confluence

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Confluence API reference skill with powerful admin and deletion examples, but no hidden code or off-purpose behavior was found.

Install only if you want an agent to make direct Confluence Cloud REST API calls. Use a least-privilege Atlassian token, avoid admin credentials unless necessary, and require explicit human approval for admin-key, invitation, delete, purge, redact, or other tenant-changing operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill exposes administrative functionality such as enabling/disabling the Confluence Admin Key, which materially exceeds ordinary content-management operations. In an agent context, this expands privilege and creates a pathway for elevated access or misuse if the skill is invoked with broad credentials.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
User access checks and invitation endpoints are not necessary for routine Confluence content operations and enable account discovery and user provisioning actions. In a delegated agent workflow, these features can be abused to enumerate users or invite unauthorized accounts into the tenant.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill broadly advertises create/update/delete management without safety guidance about destructive actions, rollback limits, or approval expectations. In an agent-driven environment, omission of such guardrails increases the likelihood of accidental destructive operations against production Confluence content.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The example for permanent attachment deletion uses `purge=true` without an explicit warning that the action is irreversible. This is dangerous because it normalizes a destructive command that can cause unrecoverable data loss if executed by an automated agent or inattentive operator.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The authentication guidance shows direct handling and base64 encoding of email and API token credentials without warning that base64 is not encryption and that tokens must not be logged, echoed, or embedded in transcripts. This can lead to credential exposure through shell history, logs, screenshots, or agent output.

VirusTotal

64/64 vendors flagged this skill as clean.
