Cloud Convert

Security checks across malware telemetry and agentic risk

Overview

This looks like a real CloudConvert/Membrane integration, but its published description is misleading and it includes account-changing actions without clear confirmation guidance.

Install only if you intend to use Membrane with CloudConvert for file conversion. Confirm the CloudConvert account being connected, avoid uploading sensitive files unless necessary, treat generated download URLs carefully, and require explicit approval before deleting or canceling jobs, tasks, or webhooks. The publisher should correct the CRM-style description before this is treated as cleanly scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High (98% confidence)
Finding
The manifest description says the skill manages CRM-style entities like deals, persons, organizations, leads, projects, and pipelines, but the body of the skill is clearly for CloudConvert file conversion. This mismatch can cause the agent to invoke the skill in the wrong context, leading to unintended external actions against the wrong service and confusing users about what data or operations are involved.

Vague Triggers

Medium (90% confidence)
Finding
The invocation description is broad and misleading, telling the agent to use this skill whenever the user wants to interact with 'Cloud Convert data' while the actual capability is operational control over conversion jobs, tasks, uploads, webhooks, and proxy API requests. This increases the chance of accidental invocation and action execution when the user did not clearly intend to perform CloudConvert operations.

Missing User Warnings

Medium (94% confidence)
Finding
The skill documents destructive operations such as deleting webhooks, tasks, and jobs, and canceling tasks without any warning, confirmation requirement, or user-approval guidance. In an agentic setting, this can lead to irreversible state changes or service disruption from mistaken or over-broad execution.

VirusTotal

65/65 vendors flagged this skill as clean.
