ClawHub

Apiflash

Security checks across malware telemetry and agentic risk

Overview

This ApiFlash skill appears to be a legitimate Membrane-based screenshot integration, but its description and proxy guidance are broader than its documented purpose and could expose sensitive URLs or request data.

Install only if you trust Membrane and intend to use ApiFlash for screenshot or quota tasks. Avoid using it on private, authenticated, internal, or sensitive URLs unless you explicitly approve that data being sent to external services, and review any raw proxy request before allowing write or delete methods.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest description says the skill manages Organizations, Pipelines, Projects, Users, and Filters, but the body documents an ApiFlash screenshot/quota integration. This mismatch can cause the agent to invoke the skill in the wrong context, leading to unintended external requests or disclosure of user-supplied URLs/data to a third-party service. The issue appears misleading rather than overtly malicious, but it materially increases the chance of unsafe or inappropriate use.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The description 'Use when the user wants to interact with ApiFlash data' is overly broad and can trigger the skill for ambiguous requests that do not require external API calls. In this skill's context, a mistaken invocation can send user-provided URLs or request parameters to Membrane/ApiFlash, creating unnecessary data exposure and action execution risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explains screenshot capture and direct proxy requests but omits an explicit warning that user-provided URLs, query parameters, headers, and bodies may be transmitted to external services. Because this skill is network-enabled and supports arbitrary proxy requests, users may unknowingly expose sensitive internal URLs, tokens in query strings, or request payloads.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal