ClawHub

46Elks

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate 46elks integration, but it can send messages, make calls, delete telecom records, and use a broad authenticated API proxy without clear confirmation safeguards.

Review before installing. Use only with the intended 46elks account, require explicit approval before sending messages, making calls, deleting records, allocating or configuring numbers, or using non-GET proxy requests, and know how to revoke the Membrane connection afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
The manifest says the skill is for managing organizations, but the body of the skill enables telephony and messaging operations such as sending SMS, making calls, and deleting messages. This mismatch can mislead users or higher-level agents into invoking the skill under false assumptions, increasing the chance of unintended external actions and bypass of user expectations or policy routing.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documented actions are unrelated to organization management and instead expose messaging and call APIs, including destructive operations. In a tool-selection or policy-enforcement setting, inaccurate metadata can cause the skill to be chosen for the wrong task and grant access to more sensitive behaviors than expected.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill lists destructive and externally impactful operations like send-sms, make-call, delete-sms, delete-mms, and delete-call without requiring user confirmation or warning about cost, data loss, or contacting third parties. In this context, a natural-language agent could perform irreversible or billable actions based on ambiguous prompts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal