Coassemble

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Coassemble integration, but it gives an agent broad authenticated power to change or delete workspace data without clear built-in safeguards.

Install only if you trust Membrane and intend to let an agent operate on your Coassemble workspace. Use the least-privileged account available, review the exact connection, action, parameters, and affected records before any write/delete/proxy request, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 85%
Finding
The invocation description is broad enough that the skill may activate for generic requests about Coassemble, not just explicit data-management tasks. Over-broad triggering can cause an agent to initiate networked access to enterprise training data or workflows when the user only wanted general information, increasing the chance of unintended data exposure or side effects.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill documents destructive actions like deleting members, groups, and enrollments without any safety note, confirmation requirement, or warning about irreversible effects. In an agent setting, this omission raises the risk that the model executes data-modifying or destructive operations without making the user aware of the consequences.

Missing User Warnings

Medium
Confidence: 94%
Finding
The proxy request feature enables arbitrary authenticated API calls through Membrane, but the documentation does not warn that this can reach sensitive or destructive endpoints beyond the curated action set. This materially expands the attack surface: an agent can issue custom state-changing requests, or read resources nobody reviewed, using the user's authenticated connection, so the proxy path deserves the same review as the named delete actions.
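The two findings above (unconfirmed destructive actions, and a proxy feature that reaches past the curated action set) are both addressed by the review step the overview recommends: inspect the exact action, parameters and affected records before any write, delete or proxy request. The following is an added example of a pre-execution gate an agent host could run before forwarding a skill request to the connection. It is not code from the SkillSpector report, from Membrane or from Coassemble; the action names, request fields, endpoint paths and host secret are assumptions for illustration.

```python
"""
Added example (not the SkillSpector report's code, nor Membrane's or
Coassemble's): a pre-execution gate for skill requests. Read-only actions
pass, proxy requests are limited to read-only GETs on an allowlist, and
write/destructive actions need a user approval that is bound to the exact
action and parameters. Action names, fields and paths are assumptions.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

# Assumed action names; the skill's real action set is not reproduced here.
DESTRUCTIVE_ACTIONS = {"delete_member", "delete_group", "delete_enrollment"}
WRITE_ACTIONS = {"create_member", "update_member", "create_enrollment"}

# Proxy requests are allowed only as GETs against these assumed path globs.
PROXY_ALLOWLIST = ("/courses*", "/groups*")

# Held by the host UI and never placed in the agent's context. Placeholder.
HOST_SECRET = b"replace-with-host-managed-secret"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    awaiting_confirmation: bool = False


def classify(request: dict) -> str:
    """Bucket a skill request as read, write, destructive or proxy."""
    action = request.get("action", "")
    if action == "proxy_request":
        return "proxy"
    if action in DESTRUCTIVE_ACTIONS:
        return "destructive"
    if action in WRITE_ACTIONS:
        return "write"
    return "read"


def canonical(request: dict) -> bytes:
    """Canonical JSON of action + params so equal requests hash equally."""
    body = {"action": request.get("action"), "params": request.get("params", {})}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def approval_token(request: dict, secret: bytes = HOST_SECRET) -> str:
    """Issued by the host only after the user has seen the exact action,
    parameters and affected records and explicitly approved. The HMAC binds
    the approval to this request; the agent cannot mint one without the secret."""
    return hmac.new(secret, canonical(request), hashlib.sha256).hexdigest()


def gate(request: dict, confirmation: Optional[str] = None,
         secret: bytes = HOST_SECRET) -> Decision:
    """Decide whether the host may forward the request to the connection."""
    kind = classify(request)
    if kind == "read":
        return Decision(True, "read-only action")

    if kind == "proxy":
        method = str(request.get("method", "GET")).upper()
        path = str(request.get("path", ""))
        if method != "GET":
            return Decision(False, f"proxy {method} {path} is not read-only")
        if not any(fnmatch(path, pat) for pat in PROXY_ALLOWLIST):
            return Decision(False, f"proxy path {path} is outside the allowlist")
        return Decision(True, f"proxy GET {path} is within the allowlist")

    # write and destructive actions need an approval bound to these parameters
    expected = approval_token(request, secret)
    if confirmation is None or not hmac.compare_digest(confirmation, expected):
        return Decision(False, f"{kind} action {request.get('action')} needs user confirmation",
                        awaiting_confirmation=True)
    return Decision(True, f"{kind} action {request.get('action')} confirmed by user")


if __name__ == "__main__":
    delete = {"action": "delete_member", "params": {"member_id": 42}}
    print(gate(delete))                      # blocked, awaiting confirmation
    token = approval_token(delete)           # host UI, after the user says yes
    print(gate(delete, token))               # allowed
    other = {"action": "delete_member", "params": {"member_id": 43}}
    print(gate(other, token))                # blocked: approval was for member 42
    print(gate({"action": "proxy_request", "method": "DELETE", "path": "/members/42"}))
```

The approval is keyed by a host-held secret rather than a plain hash so that a skill which has been prompt-injected cannot compute its own "confirmation"; and because the token covers the canonical parameters, an approval the user gave for one record cannot be replayed against another. Proxy requests are treated as untrusted by default: only read-only methods on an explicit allowlist pass, which is the control the third finding says the skill's documentation does not mention.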

VirusTotal

0/63 vendors flagged this skill; all 63 reported it clean. Note that VirusTotal engines check the package contents against known malware signatures and heuristics; a clean result does not address the agentic risks listed in the SkillSpector findings above.
