Confluence Integration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Confluence integration, but it can modify remote wiki content and its credential/security guidance understates the exposure boundary.

Install only if you intend to let the agent read and modify Confluence through the provided account. Prefer an API token or dedicated service account with limited space permissions, verify the URL uses HTTPS and points to the intended Confluence instance, and manually review create/update/attach actions before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 93% confidence
Finding
The security note is misleading because the credentials are in fact sent to an external Confluence server for authentication. This can cause users to underestimate the exposure boundary of their secrets and may lead to unsafe assumptions about where credentials travel or how they should be protected.

Missing User Warnings

Medium, 89% confidence
Finding
The documentation omits a clear warning that the skill can create pages, update content, and upload attachments to a remote Confluence instance. In an agent setting, insufficient disclosure of write-capable behavior can lead to unintended modification of production documentation or data loss through accidental overwrites.

Missing User Warnings

Medium, 93% confidence
Finding
The instructions expose write-capable operations such as page creation, updates, and attachment uploads without clearly warning that these actions modify remote Confluence content. In an agent setting, this increases the risk of unintended or unauthorized changes to enterprise documentation, especially if a user assumes the skill is read-only or invokes it with broad credentials.

VirusTotal

66/66 vendors flagged this skill as clean.
