ClawHub

Maverick Monday Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Monday.com connector that uses a user-provided token to read and change Monday.com workspace data.

Install this only for agents you want to let access Monday.com through the token you provide. Use the least-privileged token available, review the live tool list before sensitive work, and require explicit confirmation before creating, updating, deleting, archiving, publishing, or commenting on workspace data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
The output includes the server's `Instructions:` field, if published, and a JSON Schema for every tool's parameters. Treat this as the authoritative reference for the rest of the session.

**Step 2 - Call any tool from the catalog** using the form `maverick-monday.<tool>`:

```sh
mcporter --config {baseDir}/mcporter.json call maverick-monday.<tool> <arg>=<value> ...
Confidence
80% confidence
Finding
Call any tool

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal