Ai21 Labs

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane-based AI21 Labs integration, with broad API access that users should control carefully but no evidence of hidden or malicious behavior.

Install this only if you trust Membrane and the Membrane CLI. Prefer discovered Membrane actions over raw proxy requests, keep the connection scoped to AI21 Labs, and confirm any POST, PUT, PATCH, DELETE, or cost-incurring request before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium (95% confidence)

Finding:
The skill is presented as an AI21 Labs integration, but its documented proxy capability permits arbitrary direct API requests, including state-changing methods like POST, PUT, PATCH, and DELETE. That broadens the operational scope beyond narrowly defined actions and can enable unintended or overly powerful interactions if the agent is invoked under the assumption that it is limited to safe, predefined operations.

Context-Inappropriate Capability

Medium (91% confidence)

Finding:
The connection workflow states that if no known app is found, one is created and a connector is built automatically. This exceeds the stated AI21 Labs-only purpose and creates a capability expansion path where the skill could be used to connect to arbitrary external services, undermining least privilege and increasing the chance of misuse or scope confusion.

Vague Triggers

Medium (85% confidence)

Finding:
The activation description says to use the skill when the user wants to interact with AI21 Labs data, which is broad enough to match many loosely related requests without clarifying sensitive versus non-sensitive operations. In an agentic environment, broad routing language can cause over-selection of this skill and expose users to more powerful capabilities than necessary.

VirusTotal

65/65 vendors flagged this skill as clean.
