Credit Repair Cloud

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Credit Repair Cloud integration, but it can make broad authenticated changes to sensitive client and business data without clear safeguards in the skill instructions.

Install only if you intend to let an agent work with your Credit Repair Cloud account. Use a least-privilege account where possible, verify every target record before updates or deletes, and require fresh confirmation before financial, messaging, user-management, client-record, or non-GET proxy actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence
Finding
The skill explicitly documents destructive operations such as deleting affiliates and leads/clients, but provides no guidance to require user confirmation, verify target identity, or limit execution to clearly authorized requests. In an agentic context, this increases the chance of accidental or unauthorized remote data deletion, especially because these actions are presented as normal "popular actions" without safeguards.

Missing User Warnings

Medium, 91% confidence
Finding
The proxy request section enables arbitrary authenticated API requests, including POST/PUT/PATCH/DELETE, while omitting warnings about direct state-changing network operations. Because Membrane injects authentication automatically, an agent could perform broad unintended modifications against the connected Credit Repair Cloud tenant with little friction or user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.
