Datascope

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real DataScope integration, but it gives an agent broad write and proxy access without clear safeguards.

Install only if you trust Membrane and intend to let an agent operate on DataScope data. Use a least-privilege DataScope/Membrane connection, verify the exact connection and records before each action, and require explicit confirmation before any create, update, bulk update, proxy, or delete-like request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 86% confidence

Finding: The manifest says the skill is for managing organizations, but the body exposes a much broader integration surface including metadata objects, locations, answers, and raw proxy requests. This scope mismatch can cause an orchestrating agent or user to invoke the skill for actions they did not reasonably expect, increasing the chance of unauthorized or overly broad data access and modification.

Vague Triggers

Medium, 82% confidence

Finding: The invocation description is broad enough to match many requests involving DataScope data, not just a narrowly defined task. In agent environments, overly generic routing descriptions can lead to accidental invocation of a powerful skill in the wrong context, exposing sensitive data or enabling unintended writes.

Missing User Warnings

Medium, 91% confidence

Finding: The documentation prominently includes create, update, bulk-update, and proxy request capabilities, including operations with soft-delete behavior, without requiring user confirmation or warning about destructive effects. In a tool-using agent, this creates a real risk of unintended modification, deletion, or corruption of production data from a loosely phrased request.

VirusTotal

65/65 vendors flagged this skill as clean.