Api Gateway 1.0.69

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad API gateway that can act on many connected services, and its documentation does not sufficiently constrain or warn about high-impact actions.

Install only if you are comfortable giving an agent a general-purpose gateway to your connected services. Before use, connect only the specific accounts needed, verify the active connection, and require explicit human confirmation before any create, update, delete, send, publish, billing, admin, or webhook action.
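The gating the Overview asks for (forward only to connections the operator actually set up, and hold every create, update, delete, send, publish, billing, admin or webhook action for explicit human confirmation) as an added example. This is editorial code, not part of the skill, of Maton or of SkillSpector: the connection table and its IDs, the path patterns, the read-only POST exception and the API paths in the demo are constructed assumptions. The impersonation-header check generalizes the Dropbox-API-Select-User finding further down to any header that changes whose identity a request runs under.

```python
"""Confirmation gate in front of an agent-facing API gateway.

Every request the agent wants forwarded is classified first: denied if the
target service has no active connection, held for human confirmation if it
is mutating, names a high-impact action, registers a callback, or runs on
behalf of another user, and forwarded otherwise.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed: connections the operator deliberately set up. Service names
# and connection IDs are hypothetical; a real gateway would query its own
# connection list instead of a literal dict.
ACTIVE_CONNECTIONS = {"dropbox": "conn-dbx-01", "apollo": "conn-apl-01"}

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Operator-maintained exceptions: POST endpoints verified to be pure reads
# (search APIs are often POST). The path here is a constructed example.
READ_ONLY_POSTS = {("apollo", "/v1/people/search")}

# Path segments naming the action classes the Overview singles out. Matching
# is per segment, so "/sequences/..." matches but "/consequences" does not.
HIGH_IMPACT_PATH_RE = re.compile(
    r"/(send|publish|schedule|delete|remove|permanently_delete|wipe|transfer|"
    r"billing|charge|invoice|admin|members|webhooks?|callbacks?|sequences)(?=/|$)",
    re.IGNORECASE,
)

# Body fields that would register an outbound webhook / callback destination.
CALLBACK_FIELDS = {"destination_url", "callback_url", "webhook_url"}

# Headers that make a request run as someone other than the connection owner.
IMPERSONATION_HEADERS = {"dropbox-api-select-user", "dropbox-api-select-admin"}


@dataclass
class Decision:
    allow: bool                 # False: refuse outright (no active connection)
    needs_confirmation: bool    # True: a human must approve before sending
    reasons: list = field(default_factory=list)


def classify(method: str, service: str, path: str,
             headers: Optional[dict] = None,
             body: Optional[dict] = None) -> Decision:
    """Decide whether a passthrough request may run and whether it needs approval."""
    method = method.upper()
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    body = body or {}
    reasons = []

    if service not in ACTIVE_CONNECTIONS:
        return Decision(False, False, [f"no active connection for service '{service}'"])

    if method in MUTATING_METHODS and (service, path) not in READ_ONLY_POSTS:
        reasons.append(f"{method} {path} can modify remote state")

    m = HIGH_IMPACT_PATH_RE.search(path)
    if m:
        reasons.append(f"path names a high-impact action: {m.group(1)}")

    for key in sorted(body.keys() & CALLBACK_FIELDS):
        reasons.append(f"body registers an outbound callback: {key}={body[key]}")

    for name in sorted(headers.keys() & IMPERSONATION_HEADERS):
        reasons.append(f"header {name} runs the request on behalf of another user")

    return Decision(True, bool(reasons), reasons)


def dry_run_send(method, service, path, headers, body):
    """Stand-in for the real forwarder; records what would have been sent."""
    return {"method": method, "service": service, "path": path,
            "connection": ACTIVE_CONNECTIONS[service]}


def execute(method: str, service: str, path: str,
            headers: Optional[dict] = None, body: Optional[dict] = None,
            confirm: Callable[[Decision], bool] = lambda d: False,
            send: Callable = dry_run_send) -> dict:
    """Run the gate, then forward. `confirm` is the human-in-the-loop hook; its
    default refuses, so an unattended run never executes a flagged request."""
    d = classify(method, service, path, headers, body)
    if not d.allow:
        return {"status": "denied", "reasons": d.reasons}
    if d.needs_confirmation and not confirm(d):
        return {"status": "declined", "reasons": d.reasons}
    return {"status": "sent", "reasons": d.reasons,
            "response": send(method, service, path, headers or {}, body or {})}


if __name__ == "__main__":
    # Plain read: forwarded without a prompt.
    print(execute("GET", "apollo", "/v1/contacts"))
    # Destructive team-folder call: held until a human says yes.
    print(execute("DELETE", "dropbox", "/2/team/team_folder/permanently_delete"))
    # Same call with an approving confirm hook (auto-approve only for the demo).
    print(execute("DELETE", "dropbox", "/2/team/team_folder/permanently_delete",
                  confirm=lambda d: True))
    # A read carrying an impersonation header still needs confirmation.
    print(execute("GET", "dropbox", "/2/files/list_folder",
                  headers={"Dropbox-API-Select-User": "dbmid:example"}))
```

The default `confirm` refuses, so an agent running without a human attached cannot execute anything the gate flags; the `READ_ONLY_POSTS` exception list is where operator-verified POST search endpoints go, and it should be kept short and reviewed like any other allowlist. Classifying by verb and path together is deliberate: many "send" and "publish" operations are ordinary POSTs, and a pure method check would either block every search or miss them.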

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (94)

Intent-Code Divergence (Medium, 93% confidence)

The README states 'Uses API key authentication' for Buffer, which conflicts with the skill metadata stating third-party access requires explicit user OAuth authorization through Maton. This can mislead downstream agents or developers into assuming the Maton API key alone is sufficient for Buffer access, weakening trust boundaries and potentially causing unauthorized request construction or unsafe handling of user consent.

Intent-Code Divergence (High, 93% confidence)

The README explicitly says fal.ai uses API key authentication, which contradicts the skill metadata's assurance that third-party services require explicit OAuth authorization through Maton's connect flow. In an API-gateway skill that brokers access to many external services, this mismatch can mislead users and downstream agents about the actual trust and authorization boundary, increasing the risk of unauthorized third-party calls or improper secret handling.

Description-Behavior Mismatch (Medium, 95% confidence)

The reference explicitly states that the Manus connection uses API_KEY authentication, which conflicts with the skill metadata claiming third-party access requires explicit user OAuth authorization through Maton's connect flow. This mismatch can mislead downstream agents or users about the trust boundary and authorization model, potentially enabling direct third-party access with a shared credential rather than per-user consented access.

Vague Triggers (Medium, 95% confidence)

The invocation guidance says to use this skill whenever users want to interact with external services, which is extremely broad for a capability that can perform arbitrary authenticated API calls across many providers. That increases the chance the agent will invoke a high-privilege network skill in situations where a narrower, safer skill would be more appropriate, raising the risk of unintended data access or modification.

Missing User Warnings (Medium, 97% confidence)

The skill advertises broad direct passthrough access to native third-party APIs, including examples for creating resources and deleting connections, but does not present a prominent warning that use of the skill may send, modify, or delete user data in connected services. In an agent setting, that omission can cause unsafe use because users and orchestrators may not appreciate that this is effectively a generic write-capable API executor.

Missing User Warnings (Medium, 91% confidence)

The README documents create and update operations for contacts and accounts but does not clearly warn that these calls mutate live third-party CRM data. In an agent skill context, that omission increases the chance an agent or user will treat these examples like harmless reads and accidentally create or alter records in Apollo, causing integrity issues and unintended business actions.

Missing User Warnings (Medium, 95% confidence)

Adding contacts to sequences can trigger outbound sales or engagement workflows, which is a materially riskier side effect than ordinary data retrieval. Without an explicit warning, an agent may initiate customer-facing outreach, creating reputational, compliance, and operational risk through unintended contact or spam-like behavior.

Missing User Warnings (Medium, 88% confidence)

The README states that authentication is automatic and provides examples involving person, contact, organization, and email-related data, but does not warn that requests send potentially sensitive personal and business information to Apollo, a third-party service. In a multi-API agent gateway, this omission can lead users or agents to forward personal data for enrichment or search without informed consent or appropriate data-handling caution.

Missing User Warnings (Medium, 91% confidence)

The README exposes clearly actionable destructive and outbound-communication operations, including contact deletion, campaign sending, and transactional email sending, but provides no warning that these actions modify user data or send messages to external recipients. In an agent skill context, that omission increases the chance an agent or developer will invoke these endpoints without explicit user confirmation, causing unintended data loss, spam, or reputation damage.

Missing User Warnings (Medium, 84% confidence)

The README exposes account-reading and post-creation/scheduling capabilities, including access to email and the ability to publish content, without any warning that these are privacy-sensitive and account-impacting operations requiring explicit user authorization and confirmation. In an agent skill context, incomplete safety guidance increases the chance that an agent will perform high-impact actions without adequate user awareness or confirmation.

Missing User Warnings (Medium, 88% confidence)

The README exposes multiple state-changing and externally communicating endpoints such as sending SMS/MMS/voice messages and deleting templates, lists, contacts, and email addresses without any caution that these actions can incur charges, transmit messages to third parties, or permanently alter user data. In an agent skill context, omission of such guardrails increases the chance that downstream agents or users invoke destructive or billable operations without explicit confirmation.

Missing User Warnings (Medium, 92% confidence)

The README exposes numerous state-changing and destructive operations such as DELETE, PUT, PATCH, and POST without any cautionary guidance, confirmation requirements, or notes about irreversible effects. In an agent skill context, this increases the chance that an LLM-driven workflow invokes destructive endpoints from ambiguous user prompts or prompt injection, causing unintended modification or deletion of third-party data.

Missing User Warnings (Medium, 89% confidence)

The README documents a member-removal flow that includes destructive options such as wiping data and transferring ownership, but it provides no warning about irreversibility, authorization requirements, or the risk of accidental administrative misuse. In an agent skill that enables API invocation against live Dropbox Business tenants, this omission can normalize dangerous actions and increase the chance of unintended account deletion or data loss.

Missing User Warnings (Medium, 92% confidence)

The README exposes a permanently_delete team folder operation without any caution that the action is irreversible and can destroy shared organizational data. Because this skill is meant to facilitate external-service actions, lack of warning materially raises the risk that an agent or user invokes a destructive endpoint without understanding the consequences.

Missing User Warnings (Medium, 95% confidence)

The README explains use of the Dropbox-API-Select-User header to access files on behalf of a member, but it omits privacy, consent, auditability, and least-privilege guidance. In a multi-service agent context, documenting impersonation-style access without safeguards can enable unauthorized access to employee files or normalize surveillance-like behavior by downstream agents.

Missing User Warnings (Medium, 80% confidence)

The documentation introduces API-key-based access and webhook callbacks without warning users that prompts, generated content, callback URLs, and possibly sensitive data may be transmitted to a third party. In this skill context, omissions around credential handling and outbound data flows are security-relevant because users may assume Maton's OAuth/scoped-connect model applies uniformly when it may not.

Missing User Warnings (Medium, 91% confidence)

The webhook example explicitly shows exporting transcripts, summaries, and action items to an arbitrary destination URL, but provides no warning that this data can contain sensitive meeting content, personal information, or confidential business discussions. In an API gateway skill that makes cross-service actions easy, this omission can normalize unsafe data exfiltration patterns and lead users or downstream agents to send highly sensitive content to untrusted endpoints.

Missing User Warnings (Medium, 88% confidence)

The async callback examples show using destination_url for transcript and summary retrieval without warning that the API may deliver meeting-derived content to an external webhook endpoint. Because transcripts and summaries often contain sensitive internal conversations, the lack of a privacy and trust-boundary warning increases the risk of accidental disclosure to third-party infrastructure.
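An allowlist check for callback destinations, covering both destination_url findings above (the transcript/summary/action-item export and the async callback retrieval). This is added editorial code, not the skill's, the upstream meeting API's or SkillSpector's; the allowlisted hostname, the export field names and the candidate URLs are constructed for the demo.

```python
"""Destination-URL allowlist for webhook / callback registration.

Before the gateway forwards a request that sets destination_url (or any
other callback field), the URL is checked against an operator allowlist so
meeting-derived content cannot be shipped to an arbitrary endpoint.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts the operator has approved to receive
# transcripts, summaries and action items. The hostname is hypothetical.
ALLOWED_CALLBACK_HOSTS = {"hooks.example-corp.internal"}
ALLOWED_PORTS = {None, 443}   # None = scheme default


def check_destination_url(url: str, allowed_hosts=ALLOWED_CALLBACK_HOSTS):
    """Return (ok, reason). Accepts only https to an allowlisted hostname on
    the default port, with no embedded credentials and no IP literal."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError as e:
        return False, f"unparseable URL: {e}"

    if parts.scheme.lower() != "https":
        return False, f"scheme '{parts.scheme}' not allowed; https only"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"

    # IP literals are refused: they bypass the hostname allowlist, and
    # loopback / private / link-local literals are the usual way to point a
    # callback at internal infrastructure.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast):
            return False, f"non-public address literal {host}"
        return False, "IP literals not allowed; use an allowlisted hostname"

    if host.lower().rstrip(".") not in allowed_hosts:
        return False, f"host '{host}' is not on the callback allowlist"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    return True, "ok"


def build_export_request(meeting_id: str, destination_url: str) -> dict:
    """Build the body of a transcript/summary export call, refusing to build
    it at all when the destination fails the allowlist check. Field names
    are illustrative, not a specific vendor's schema."""
    ok, reason = check_destination_url(destination_url)
    if not ok:
        raise ValueError(f"refusing export of meeting {meeting_id}: {reason}")
    return {"meeting_id": meeting_id, "destination_url": destination_url,
            "fields": ["transcript", "summary", "action_items"]}


if __name__ == "__main__":
    # Constructed candidates: one acceptable destination and the usual ways
    # an injected or careless destination_url goes wrong.
    for candidate in [
        "https://hooks.example-corp.internal/meetings",
        "http://hooks.example-corp.internal/meetings",
        "https://collector.attacker.example/ingest",
        "https://127.0.0.1/ingest",
        "https://[::1]/ingest",
        "https://10.0.0.5:8443/ingest",
        "https://user:pw@hooks.example-corp.internal/meetings",
        "https://hooks.example-corp.internal:8443/meetings",
    ]:
        print(candidate, "->", check_destination_url(candidate))
```

Refusing every IP literal is simpler and safer than enumerating bad ranges. A hostname allowlist still does not stop an allowlisted name from later resolving to an internal address; a gateway that also resolves the name at send time and re-checks the resulting IP closes that gap.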

Missing User Warnings (Medium, 91% confidence)

This README exposes powerful scraping, crawling, browser automation, search, and agent capabilities but provides no warning that user-supplied URLs, prompts, and actions may transmit data to an external service, interact with third-party systems, or collect sensitive content. In an agent skill context, the lack of privacy, authorization, and target-impact guidance increases the chance of unsafe use, including scraping internal URLs, processing sensitive pages, or automating against sites without clear user awareness.

Missing User Warnings (Medium, 85% confidence)

The README documents live mutate operations for creating and modifying Google Ads campaigns without any caution about budget spend, production impact, or the need for explicit user confirmation. In an agent skill that connects to real customer ad accounts via OAuth, this increases the chance an agent or user will execute state-changing requests against production resources without understanding the consequences.

Missing User Warnings (Medium, 79% confidence)

The note that authentication is automatic and headers are injected omits a warning that requests will run with the user's authorized Google Ads privileges against potentially sensitive advertising data and live accounts. This can mislead operators into treating the integration as low-risk plumbing, when in fact any request may access private campaign data or trigger account changes if broader OAuth scopes are present.

Missing User Warnings (Medium, 90% confidence)

The README provides ready-to-use create and update examples for Google Analytics properties without clearly warning that these operations modify live customer configuration. In an agent skill that automatically injects OAuth credentials for authorized accounts, this increases the chance of unintended destructive or unauthorized administrative changes being made under a user's real Google Analytics access.

Missing User Warnings (Medium, 95% confidence)

The README includes multiple administrative creation examples for data streams, custom dimensions, custom metrics, conversion events, and measurement protocol secrets without any user-facing safety guidance. Because these actions can alter analytics collection behavior, create tracking credentials, and affect reporting integrity in real environments, exposing them as routine examples in an OAuth-backed skill creates meaningful risk of accidental misuse.

Missing User Warnings (Medium, 92% confidence)

Stating that OAuth token injection is automatic without emphasizing that requests execute against the user's accessible Google Analytics accounts can normalize high-trust authenticated actions and obscure the consequences of running write operations. In this skill context, automatic authentication makes the documentation more dangerous because even simple copied examples may act immediately on live tenant resources once a connection exists.

Missing User Warnings (Medium, 90% confidence)

The README states that authentication is automatic and the router injects the OAuth token, but it does not clearly warn that invoking these routes sends potentially sensitive analytics data to Google's external API under the user's authorized connection. In an agent setting, this omission can cause users or downstream tool builders to misunderstand the external data flow and consent boundary, increasing the risk of unintended disclosure of business analytics data.

VirusTotal

64/64 vendors flagged this skill as clean.
