Api Gateway 1.0.46

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate API gateway skill, but it gives agents broad authenticated power to read, publish, delete, share, and administer data across many live third-party services without enough built-in safety guidance.

Install only if you trust Maton with brokered access to your connected services and are prepared to supervise every write, delete, send, sharing, webhook, or admin action. Use least-privilege OAuth scopes, connect only the services you need, verify target records before mutation, and require explicit confirmation for destructive or public-facing operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (57)

Missing User Warnings

Medium (81% confidence)
Finding
The skill exposes broad create/update/delete capabilities across many external services and the documentation does not prominently require explicit user confirmation before destructive or privacy-impacting actions. In an agent setting, this increases the risk of accidental data modification, deletion, or messaging in third-party systems under an already-authorized OAuth connection.

Missing User Warnings

Medium (86% confidence)
Finding
The reference documents destructive operations such as canceling appointments, rescheduling, and deleting blocks without any warning, confirmation guidance, or indication that these actions modify real user data. In an agent skill that connects to live third-party services, this increases the chance an agent will invoke state-changing endpoints unsafely or without explicit user confirmation, leading to accidental business disruption or data loss.

Missing User Warnings

Medium (91% confidence)
Finding
The reference explicitly documents destructive folder deletion, including recursive deletion, without any warning about data loss, confirmation requirements, or recovery limits. In an agent skill context, this can normalize or enable unsafe automated use of high-impact endpoints and increases the chance of accidental mass deletion.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation includes file deletion and permanent trash deletion endpoints without warning users that these actions remove user data and may be irreversible. In a gateway skill used by agents, omission of safety guidance makes accidental destructive execution more likely.

Missing User Warnings

Medium (88% confidence)
Finding
The reference describes creating open shared links and collaborations but does not warn about privacy, oversharing, or external exposure risks. This is dangerous because agents may treat these as routine actions and unintentionally expose sensitive Box content to unauthorized parties.

Missing User Warnings

Medium (93% confidence)
Finding
This reference documents powerful Dropbox Business admin and audit endpoints such as adding members, creating groups and team folders, listing member devices, and retrieving audit events, but it does not warn that these operations affect organization-wide data, access, and employee privacy. In an agent skill context, omission of such warnings can normalize high-risk actions and increase the chance that an agent or user triggers sensitive administrative operations without appropriate confirmation or least-privilege review.

Missing User Warnings

Medium (88% confidence)
Finding
The async callback examples send meeting summaries or transcripts to an arbitrary `destination_url` without any warning that this may transmit sensitive meeting content outside the authorized platform boundary. In a skill designed to connect to many external services, this omission can lead users or downstream agents to exfiltrate confidential meeting data to attacker-controlled or untrusted endpoints.

Missing User Warnings

Medium (92% confidence)
Finding
The webhook creation example enables transcript, summary, and action item delivery to an external URL without warning that these fields can contain highly sensitive meeting content, internal discussions, or customer data. Because this skill brokers access to third-party APIs, normalizing this pattern without guardrails increases the risk of unintended bulk disclosure through persistent webhooks.

Missing User Warnings

Medium (91% confidence)
Finding
The reference documents destructive and data-affecting mutations such as deleting transcripts and updating meeting titles without any caution about user confirmation, authorization expectations, or irreversible effects. In an agent skill context, this can encourage downstream agents or developers to invoke write actions directly based on natural-language requests, increasing the risk of accidental or unauthorized modification of user data in connected third-party services.

Missing User Warnings

Medium (87% confidence)
Finding
The documentation explicitly states that the router injects an OAuth token automatically, but it does not pair that capability with a clear warning that any request sent through this route becomes an authenticated outbound action against the user's Google Analytics Admin resources. In an agent-skill context, this increases the risk of unintended or over-broad actions because downstream agents or users may treat these examples as harmless reference material rather than operations that can read, create, or modify real third-party resources.

Missing User Warnings

Medium (90% confidence)
Finding
The reference includes examples for creating, updating, moving, deleting, uploading, and sharing Google Drive files without any user-facing cautions that these operations modify data or change access permissions. In an agent skill that proxies live OAuth-authorized APIs, such examples can normalize unsafe invocation patterns and increase the chance an agent performs destructive or privacy-impacting actions without explicit user confirmation.

Missing User Warnings

Medium (91% confidence)
Finding
The reference documents access to highly sensitive meeting artifacts—conference records, participant lists, recordings, and transcripts—without any warning that these endpoints may expose private communications, attendee identities, or regulated business data. In an API gateway skill that enables agents to act on a user's connected Google Workspace account, this omission can lead to over-collection or disclosure of sensitive collaboration data without adequate user awareness or consent cues.

Missing User Warnings

Medium (90% confidence)
Finding
The documented 'End Active Call' action is a disruptive control operation that can immediately terminate an ongoing meeting, affecting availability for all participants. In this skill context, where an agent can invoke third-party APIs through managed OAuth, failing to label this as destructive increases the risk of accidental or socially engineered misuse against active business meetings.

Missing User Warnings

Medium (90% confidence)
Finding
The reference documents destructive Google Play operations such as deleting in-app products without any warning, confirmation guidance, or explanation of irreversible business impact. In an agent skill that helps users interact with external services, this can encourage unsafe automation or accidental destructive actions against production app configurations.

Missing User Warnings

Medium (88% confidence)
Finding
This reference documents highly destructive and privilege-changing operations such as deleting users, deleting groups, deleting org units, and granting admin privileges without any inline warning, confirmation guidance, or emphasis on irreversible impact. In an agent skill context, such omission increases the chance an agent or operator will invoke these endpoints without adequate user confirmation, causing accidental privilege escalation or destructive tenant-wide changes.

Missing User Warnings

Medium (88% confidence)
Finding
The reference documents destructive delete/archive operations without any explicit guidance to require user confirmation or to warn about data loss. In an agent skill that can act on authenticated HubSpot data, this increases the risk that an agent or user invokes a destructive action unintentionally, leading to deletion or archival of CRM records.

Missing User Warnings

Medium (84% confidence)
Finding
Stating that OAuth authentication is injected automatically without clarifying scope, consent boundaries, and the sensitivity of CRM operations can cause users or agents to underestimate the consequences of authenticated requests. Because the skill operates on real user-authorized HubSpot data, this omission can contribute to privacy-impacting reads or state-changing actions being performed too casually.

Missing User Warnings

Medium (88% confidence)
Finding
The reference explicitly documents state-changing and destructive Jira operations such as update, delete, transition, assign, and comment without any caution about requiring explicit user confirmation or verifying intent. In an agent skill that brokers OAuth-backed access to external services, this can encourage unsafe agent behavior and unintended destructive actions against real user data.

Missing User Warnings

Medium (86% confidence)
Finding
The reference documents destructive operations such as deleting forms and submissions without any warning, confirmation requirement, or discussion of irreversible data loss. In an agent skill context, this increases the chance that an agent or user invokes deletion actions without understanding the consequences, leading to accidental destruction of customer data.

Missing User Warnings

Medium (88% confidence)
Finding
The document highlights endpoints for retrieving user submissions and uploaded files but does not warn that these may contain sensitive personal data, attachments, or regulated information. In an API gateway skill, omission of sensitivity guidance can cause over-collection, over-exposure, or unsafe downstream handling of submission contents.

Missing User Warnings

Medium (94% confidence)
Finding
The reference documents multiple create, update, and delete operations against subscriber, tag, custom field, and webhook resources without any cautionary guidance about confirmation, authorization scope, or irreversible effects. In an agent skill context, this increases the chance an LLM will invoke state-changing endpoints directly from ambiguous user requests, causing unintended data modification or deletion in a user's connected Kit account.

Missing User Warnings

Medium (92% confidence)
Finding
This reference documents endpoints that can create public posts, upload media, and create advertising resources, but it does not clearly warn that these are state-changing actions affecting a user's LinkedIn presence or ad account. In an agent skill context, that omission increases the risk of unintended posting, ad resource creation, or other account modifications when the agent follows examples too literally.

Missing User Warnings

Medium (95% confidence)
Finding
Stating that authentication is automatic and the router injects OAuth tokens, without emphasizing that requests run under the user's authorized LinkedIn account and scopes, can normalize silent use of delegated credentials. In an agent environment, that makes accidental or overly broad account-scoped actions more likely, especially when combined with write-capable examples in the same file.

Missing User Warnings

Medium (88% confidence)
Finding
This reference explicitly documents persistent and destructive workbook operations such as createSession with persistChanges=true, worksheet creation/deletion, range updates, table creation, and row deletion, but provides no cautionary guidance about modifying user data. In an agent skill that connects to real user-authorized Microsoft 365 resources, this omission increases the chance that downstream agents or prompt chains invoke write operations without clear user confirmation, causing unintended data loss or corruption.

Missing User Warnings

Medium (91% confidence)
Finding
The reference enumerates many destructive and security-sensitive Netlify operations such as deleting sites, DNS records, environment variables, hooks, submissions, and team members, but provides no warning, confirmation guidance, or indication of operational risk. In an agent skill that is meant to help users interact with external services, this increases the chance an agent will treat high-impact actions as routine and execute them from ambiguous or manipulated prompts.

VirusTotal

63/63 vendors flagged this skill as clean.
