FlowBridge

Security checks across malware telemetry and agentic risk

Overview

FlowBridge is a coherent automation skill, but it needs review because it can define broad cross-platform message, document, approval, and file workflows without enough scoping or confirmation safeguards.

Review before installing or deploying with real accounts. Use test accounts first, restrict connector OAuth scopes, inspect every AI-generated or template-created workflow before running it, avoid moving chat logs, invoices, approvals, employee data, or files unless you have consent and a clear destination policy, and do not log or export tokens or sensitive audit data to shared locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The implementation contradicts its own security intent: it flags some actions as requiring extra authorization, then explicitly exempts admins from that extra check. In a permission-management component, this creates a policy bypass for the highest-privilege accounts, increasing the blast radius of admin account compromise or insider misuse.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The README provides copyable examples for sending messages, syncing files, exporting logs, and handling approvals across external platforms, but it does not warn about consent, data disclosure, log sensitivity, or unintended cross-platform propagation of personal or business data. In a no-code automation skill targeting non-technical users, omission of privacy and data-impact warnings materially increases the risk of unsafe deployment and misuse.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill promotes automated cross-platform syncing and workflow execution across WeChat, DingTalk, Feishu, WPS, and cloud storage, but provides no warning that data may be transferred between services or that actions may have system-side effects. In this context, hidden automation is risky because users may trigger flows that propagate sensitive files or perform writes across multiple connected platforms without informed consent.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding:
The configuration enables multiple high-action integrations with broad capabilities such as messaging, file sharing, document creation, approvals, and downloads, but shows no trigger scope, approval gates, tenant restrictions, or least-privilege constraints. In a no-code automation skill, this increases the risk that workflows can be over-permissive, misused, or unexpectedly act across external platforms if activation and authorization are handled elsewhere without strict controls.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The example prints part of an access token to console output, which normalizes unsafe handling of credentials and may leak sensitive material into logs, terminals, CI output, screenshots, or shared demo environments. Even partial token disclosure can aid correlation, debugging abuse, or accidental full-secret exposure if copied into real implementations.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The generator converts natural-language instructions directly into workflow action nodes that can move data across platforms, create documents, and send notifications without any confirmation, preview, or safety gating. In an automation skill that bridges WeChat, DingTalk, Feishu, WPS, and cloud storage, this increases the risk of unintended data transfer, oversharing, or destructive automation from ambiguous or manipulated prompts.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
When no specific action is recognized, the code creates a generic 'execute' action and marks it as critical, despite having no clear semantics or user warning. This is dangerous because ambiguous input can silently produce a privileged-looking operation, which may later be interpreted by downstream workflow components in overly broad or unsafe ways.

VirusTotal

60/60 vendors flagged this skill as clean.