Clockwork

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Clockwork integration, but it needs review because it gives an agent broad authenticated ability to change or delete Clockwork data without clear confirmation safeguards.

Install only if you are comfortable granting Membrane-mediated access to your Clockwork account. Before using it for changes, require the agent to show the exact endpoint, action, record IDs, and data payload, and explicitly approve each create, update, automation, or delete operation yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill metadata and top-level description are inconsistent with the actual capability set: it is framed as a broad data/records/workflow integration, while the body exposes scheduling/calendar operations plus a generic authenticated proxy. That mismatch can cause overbroad or unintended invocation by an agent, increasing the chance of actions being taken against Clockwork without the user clearly understanding the scope, including direct API calls beyond narrow scheduling tasks.

Vague Triggers

Medium
Confidence: 86%
Finding
The activation text is overly broad ('interact with Clockwork data'), which can cause the skill to trigger for many generic requests involving data access or management. In an agent environment, broad routing increases the likelihood of unnecessary access to an external system and can lead to execution of sensitive reads or writes when a narrower skill or clarification should have been used.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly documents a raw proxy mechanism supporting POST, PUT, PATCH, and DELETE through an authenticated connection, but it does not require confirmation or warn about destructive effects. This is dangerous because it gives an agent a generic write-capable path to the Clockwork API, enabling accidental or unauthorized modification/deletion of user data if invoked from ambiguous prompts or poor tool selection.

VirusTotal

64/64 vendors flagged this skill as clean.
