15Five

Security checks across malware telemetry and agentic risk

Overview

This is a real 15Five integration, but it gives an agent broad authenticated access to sensitive HR data, including write- and delete-capable raw API requests, with weak scoping and weak safety warnings.

Install only if you intend to let an agent work with sensitive 15Five HR and performance data through Membrane. Use the lowest-privilege 15Five account available, review every create/update/delete request before it runs, avoid raw proxy calls unless you understand the endpoint and method, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest describes the skill as managing Persons and Organizations, but the body documents much broader capabilities including objectives, reviews, groups, departments, and generic API access. This scope mismatch can mislead users or higher-level policy systems into approving or invoking the skill under a narrower trust assumption than what it can actually do.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The proxy request section enables arbitrary direct requests to the 15Five API, including endpoints beyond the listed actions. That effectively turns the skill into a general-purpose API client, bypassing the narrower capability framing and increasing the chance of unexpected access to sensitive HR data or unsupported operations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents write-capable proxy methods such as POST, PUT, PATCH, and DELETE without an explicit warning or confirmation requirement for destructive or modifying operations. In an HR/performance-management context, this could lead to accidental changes or deletion of employee, review, objective, or organizational data.

VirusTotal

65/65 vendors flagged this skill as clean.
