Anonyflow

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be for AnonyFlow employee feedback, but its instructions include sensitive token and vault operations that could expose or delete data.

Install only after confirming this skill is meant for the exact AnonyFlow/Membrane connection you intend to use. Use a least-privilege account, inspect granted scopes, avoid raw proxy requests unless necessary, require explicit confirmation before detokenizing or deleting anything, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High (99% confidence)
Finding
The skill claims to integrate with an anonymous employee-feedback platform, but the documented capabilities are for tokenization, vaults, detokenization, and sensitive-data handling from a different service domain. This mismatch can cause an agent or user to perform unintended high-risk operations on sensitive data under false assumptions about the target system, increasing the chance of data exposure or misuse.

Intent-Code Divergence

High (99% confidence)
Finding
The listed 'popular actions' contradict the stated AnonyFlow purpose and instead describe operations for managing sensitive tokens and vaults, including detokenization and deletion. In practice, this can mislead an autonomous agent into invoking dangerous data-security functions in the wrong context, potentially exposing protected data or performing destructive operations on unrelated systems.

Vague Triggers

Medium (83% confidence)
Finding
The invocation description is overly broad ('manage data, records, and automate workflows'), so the skill may be selected for many generic requests outside its intended scope. Because the documented operations include sensitive and destructive capabilities, over-broad routing increases the risk of accidental misuse or execution against the wrong system.

Missing User Warnings

Medium (90% confidence)
Finding
The documentation includes irreversible actions like deleting vaults and tokens without any warning, confirmation guidance, or safety checks. In an agentic environment, this omission can lead to accidental destructive actions and permanent loss of stored sensitive data.

VirusTotal

62/62 vendors flagged this skill as clean.
