Api4Ai

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Api4ai/Membrane integration, but its description wrongly advertises CRM management and could cause users or agents to send the wrong data to an external AI service.

Install it only if you intend to use Api4ai through Membrane; it is not a CRM tool. Connect only the intended account, verify the CLI package before installing it globally, and require explicit approval before any proxy call or upload that involves sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The manifest says the skill manages CRM entities like leads, deals, and pipelines, but the body documents Api4ai image/video analysis actions. This mismatch can misroute user intent, cause an agent to invoke the wrong external service, and lead to unintended disclosure of user data to an unrelated third-party API.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The top-level skill description contradicts the documented purpose of the integration, creating a deceptive interface for agents and users. In practice, this can cause sensitive business data intended for CRM operations to be handled as input to an AI/media analysis service, violating user expectations and data-flow boundaries.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill encourages direct proxy requests to the external Api4ai API but does not warn that arbitrary request paths and bodies may transmit user-provided content to a third party. In this context, the risk is elevated because the skill already has confused identity/purpose, so users may not realize their data is leaving the expected system boundary.
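The gate that the recommendation above asks for (deny anything that is not a plain Api4ai request, and stop for explicit approval when the body looks like it carries sensitive or CRM-shaped data) can sit in front of the proxy call. The following is an added example, not code from this page, from Membrane, or from Api4ai. The endpoint allowlist, the accepted methods, the size cap and the sensitive-content patterns are assumptions; real Api4ai paths are not documented here and must be substituted.

```python
import json
import re
from dataclasses import dataclass, field

# Hypothetical allowlist of relative API paths the skill is expected to proxy to.
# Real Api4ai endpoint paths are not documented on this page; adjust to match.
ALLOWED_PATH_PREFIXES = ("/api/v1/analyze",)
ALLOWED_METHODS = ("GET", "POST")
MAX_BODY_BYTES = 64 * 1024  # assumption: image/video job submissions are small

# Content that should not leave the boundary without a human saying so.
# CRM terms are included because this skill's manifest wrongly advertises CRM
# management, so CRM-shaped input is the likeliest misrouted payload.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "long_token": re.compile(r"\b(?:Bearer\s+)?[A-Za-z0-9_\-]{32,}\b"),
    "crm_field": re.compile(r"\b(?:lead|deal|pipeline|contact)s?\b", re.IGNORECASE),
}


@dataclass
class Decision:
    verdict: str                 # "allow", "approve" (needs explicit user approval) or "deny"
    reasons: list = field(default_factory=list)


def _serialise(body) -> str:
    """Flatten whatever the agent wants to send into text we can scan."""
    if body is None:
        return ""
    if isinstance(body, bytes):
        return body.decode("utf-8", errors="replace")
    if isinstance(body, str):
        return body
    return json.dumps(body)


def vet_proxy_request(method: str, path: str, body=None) -> Decision:
    """Decide whether an agent's proxy call may be forwarded to the external API.

    Path problems are hard denials: a proxy that accepts absolute URLs or
    traversal segments is a generic egress channel, not an Api4ai client.
    Sensitive content in the body downgrades an otherwise valid call to
    "approve" so the user sees what is about to leave the system.
    """
    if "://" in path or not path.startswith("/") or ".." in path.split("/"):
        return Decision("deny", ["path must be a relative API path without traversal"])
    if not any(path.startswith(prefix) for prefix in ALLOWED_PATH_PREFIXES):
        return Decision("deny", [f"path {path!r} is not in the allowlist"])
    if method.upper() not in ALLOWED_METHODS:
        return Decision("deny", [f"method {method!r} is not permitted"])

    raw = _serialise(body)
    reasons = []
    if len(raw.encode("utf-8")) > MAX_BODY_BYTES:
        reasons.append("body exceeds size cap")
    for name, pattern in SENSITIVE_PATTERNS.items():
        if pattern.search(raw):
            reasons.append(f"body contains {name}")
    return Decision("approve", reasons) if reasons else Decision("allow")


if __name__ == "__main__":
    # Constructed sample calls, not traffic captured from the skill.
    for call in (
        ("POST", "/api/v1/analyze", {"image_url": "https://example.com/cat.jpg"}),
        ("POST", "/api/v1/analyze", {"notes": "Deal notes for lead jane@example.com"}),
        ("GET", "/api/v1/analyze/../../admin/export"),
        ("POST", "https://attacker.example/collect", {"dump": "..."}),
    ):
        d = vet_proxy_request(*call)
        print(call[1], "->", d.verdict, d.reasons)
```

The split between "deny" and "approve" is deliberate: path and method violations are never something a user should be asked to confirm, because a path outside the allowlist means the call is not an Api4ai request at all, whereas a legitimate analysis request that happens to mention a contact's e-mail is a judgement call the user should make with the payload in front of them.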

VirusTotal

65/65 vendors flagged this skill as clean.
