ClawHub

Appwrite

Security checks across malware telemetry and agentic risk

Overview

This Appwrite skill is a coherent integration, but it gives an agent broad Appwrite management and raw API authority without enough scoping or confirmation guidance.

Install only if you trust Membrane and intend to let an agent manage your Appwrite environment. Use a least-privilege Appwrite connection, verify the Membrane CLI source/version, limit the connection to the intended project, and require explicit confirmation before any create, update, delete, team/user, function, storage, permission, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description narrows the skill to 'Manage Accounts, Projects,' but the body clearly exposes much broader administrative capabilities across databases, storage, functions, teams, and users. This mismatch can cause users or orchestration systems to invoke the skill with less scrutiny than warranted, increasing the chance of over-privileged use.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The documented proxy feature allows arbitrary direct API requests to Appwrite endpoints, which materially exceeds the implied 'structured integration' model. That enables actions outside curated operations, including sensitive or destructive administrative calls, and can bypass guardrails that would exist in pre-defined actions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description 'Use when the user wants to interact with Appwrite data' is broad enough to trigger on many generic Appwrite-related requests. Overbroad invocation criteria can cause the skill to be selected in situations involving sensitive admin actions or raw API access without the user understanding the breadth of capabilities being activated.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal