Chatlayer

Security checks across malware telemetry and agentic risk

Overview

This Chatlayer skill is purpose-aligned, but it gives an agent authenticated authority to update/delete business data and make broad API requests without clear confirmation guardrails.

Install only if you trust Membrane and intend to let an agent operate on Chatlayer data. Use the least-privileged Chatlayer/Membrane account available, verify the connection, bot, table, filters, and record counts before use, and require explicit confirmation before updates, deletes, or non-GET proxy requests. VirusTotal was pending and the static scan was clean, so the Review verdict is based on the artifact’s high-impact authenticated mutation authority and missing guardrails, not malware evidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium, 84% confidence
Finding
The skill description is broad enough that it could be selected for generic 'manage data' or 'automate workflows' requests without the user explicitly intending Chatlayer operations. In a tool-enabled agent, over-broad invocation increases the chance of acting on the wrong integration and causing unintended reads or writes in a connected third-party system.

Missing User Warnings

Medium, 88% confidence
Finding
The documentation advertises destructive capabilities like deleting table records but does not state that the agent must obtain explicit user confirmation before performing irreversible actions. In an agentic context, this omission can normalize autonomous destructive behavior and lead to accidental data loss if the tool is invoked on ambiguous requests.

Missing User Warnings

Medium, 91% confidence
Finding
The proxy request section enables arbitrary authenticated API calls but frames them as a fallback without warning that they may create, modify, or delete remote data. Because this bypasses safer prebuilt actions and can hit any endpoint with valid credentials, misuse or prompt confusion could result in broad unintended changes to Chatlayer resources.

VirusTotal

63/63 vendors flagged this skill as clean.
