Botmaker

Security checks across malware telemetry and agentic risk

Overview

The skill discloses that it is a Botmaker integration, but it grants broad authenticated control over Botmaker without sufficient scoping or confirmation guidance.

Install only if you trust Membrane as an intermediary for Botmaker data and can use a least-privileged Botmaker account. Before letting an agent send messages, change catalogs, trigger intents, download sessions, or issue POST/PUT/PATCH/DELETE proxy requests, require it to show the exact target and action and obtain your explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch
Medium, 93% confidence

The manifest and description frame the skill as 'Manage Organizations,' but the body grants and documents much broader capabilities across Botmaker bots, flows, teams, users, messaging, catalogs, sessions, and direct API access. This scope mismatch can cause the agent or user to invoke a far more privileged integration than intended, increasing the chance of unauthorized reads, writes, or destructive actions under a misleadingly narrow label.

Context-Inappropriate Capability
Medium, 95% confidence

The generic proxy request feature enables arbitrary HTTP methods to Botmaker API endpoints, effectively bypassing the guardrails of curated actions. In a skill advertised for organization management, this creates an unnecessarily broad capability surface that can be used to modify, delete, or exfiltrate data from any reachable Botmaker endpoint permitted by the connection.

Vague Triggers
Medium, 88% confidence

The invocation description 'Use when the user wants to interact with Botmaker data' is overly broad and may cause the skill to trigger for many generic Botmaker-related prompts. Because the skill includes high-impact operations and arbitrary action execution, ambiguous routing increases the risk of selecting an overprivileged tool when a narrower or read-only one would be safer.

Missing User Warnings
Medium, 90% confidence

The documentation encourages action execution and direct API requests without warning that these operations may create, modify, message, or delete Botmaker resources. Without clear safety guidance, an agent may perform state-changing actions as routine automation, elevating the risk of unintended business impact or data handling mistakes.
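The approval gate the Overview asks for, together with the proxy-method restriction that the 'Context-Inappropriate Capability' and 'Missing User Warnings' findings call for, as an added example in Python. This is not code from the skill, Membrane, Botmaker or SkillSpector: the tool names (send_message, list_bots, proxy_request, ...), argument keys and API path prefixes (/v1/bots, /v1/flows) are placeholders, and the sample calls in demo() are constructed.

```python
"""Human-in-the-loop gate for agent tool calls against a bot-platform API.

Added example: not code from the skill, Membrane, Botmaker or SkillSpector.
Tool names, argument keys and API path prefixes below are placeholders.
"""
import posixpath
from dataclasses import dataclass, field
from typing import Callable

# Curated tools that send, change or export data: always confirm (placeholder names).
STATE_CHANGING_TOOLS = {
    "send_message", "update_catalog", "trigger_intent",
    "download_session", "delete_flow",
}
# Curated tools that only read: may run without confirmation (placeholder names).
READ_ONLY_TOOLS = {"list_bots", "get_flow", "list_teams"}

# Generic proxy: mutating methods always need approval; GET is limited to a
# small read allowlist so the proxy cannot reach "any endpoint the connection
# permits". Prefixes are hypothetical.
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
PROXY_READ_ALLOWLIST = ("/v1/bots", "/v1/flows")


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allowed: bool          # False: refuse outright, no prompt
    needs_approval: bool   # True: show summary and wait for explicit consent
    summary: str           # exact target and action the user is asked to approve


def _proxy_decision(args: dict) -> Decision:
    method = str(args.get("method", "")).upper()
    raw_path = str(args.get("path", ""))
    summary = f"proxy_request {method} {raw_path}"
    if method in MUTATING_METHODS:
        return Decision(True, True, summary)
    if method != "GET":
        return Decision(False, False, summary)
    path = raw_path.split("?", 1)[0]
    # Reject paths that normalise to something else ("/v1/bots/../admin"),
    # so a prefix allowlist cannot be walked out of.
    if posixpath.normpath(path) != path:
        return Decision(False, False, summary)
    in_allowlist = any(path == p or path.startswith(p + "/") for p in PROXY_READ_ALLOWLIST)
    return Decision(in_allowlist, False, summary)


def classify(call: ToolCall) -> Decision:
    """Decide whether a call may run and whether a person must approve it first."""
    if call.tool == "proxy_request":
        return _proxy_decision(call.args)
    summary = f"{call.tool} {call.args}"
    if call.tool in STATE_CHANGING_TOOLS:
        return Decision(True, True, summary)
    if call.tool in READ_ONLY_TOOLS:
        return Decision(True, False, summary)
    return Decision(False, False, summary)  # unknown tool: deny by default


def gate(call: ToolCall, approve: Callable[[str], bool]) -> bool:
    """Return True if the call may proceed. `approve` receives the summary
    (exact target and action) and must return True only on explicit consent."""
    decision = classify(call)
    if not decision.allowed:
        return False
    if decision.needs_approval:
        return approve(decision.summary) is True
    return True


def demo() -> list[tuple[str, bool]]:
    """Constructed sample calls run through the gate with a scripted approver."""
    calls = [
        ToolCall("list_bots"),
        ToolCall("send_message", {"to": "+15550000", "text": "hi"}),
        ToolCall("proxy_request", {"method": "delete", "path": "/v1/flows/7"}),
        ToolCall("proxy_request", {"method": "GET", "path": "/v1/bots/../admin"}),
        ToolCall("proxy_request", {"method": "GET", "path": "/v1/bots/42?fields=name"}),
        ToolCall("export_everything"),
    ]

    def approve(summary: str) -> bool:
        # Scripted consent: approve only the message send, refuse the DELETE.
        return summary.startswith("send_message")

    return [(c.tool, gate(c, approve)) for c in calls]


if __name__ == "__main__":
    for tool, ok in demo():
        print(f"{tool:16s} -> {'run' if ok else 'blocked'}")
```

The point of the split between allowed and needs_approval is that a curated action and a proxy call with the same effect get the same treatment: a DELETE through proxy_request is gated exactly like delete_flow, and anything the gate does not recognise is refused rather than passed through, which is the opposite of what a generic proxy tool does on its own.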

VirusTotal

No detections: all 51 VirusTotal vendors reported this skill as clean. A clean antivirus result only means the packaged files matched no vendor signature; it says nothing about the over-broad permissions described in the findings above.