Clayhr

Security checks across malware telemetry and agentic risk

Overview

This ClayHR skill appears legitimate, but it gives an agent broad authenticated access to sensitive HR records without enough guardrails around changes or deletions.

Install only if you intentionally want an agent to operate ClayHR through Membrane. Use a least-privilege ClayHR account, prefer prebuilt Membrane actions, and require the agent to ask before any create, update, delete, user, role, payroll, benefits, or bulk operation, especially when using raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly enables direct proxy requests, including mutating HTTP methods like POST, PUT, PATCH, and DELETE, against an HR system that contains sensitive employee and payroll-related data. Without an explicit requirement for user confirmation or caution around destructive operations, an agent could modify or delete HR records based on ambiguous prompts or mistakes, making this a real safety issue even if the documentation is not malicious.

VirusTotal

63/63 vendors flagged this skill as clean.
