Decision Journal

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Decision Journal connector, but it exposes broad authenticated API proxy access without clear guardrails for privacy or account changes.

Install only if you trust Membrane and intend to connect it to your Decision Journal account. Prefer the listed actions over raw proxy requests, and explicitly confirm any create, update, delete, or proxy operation before allowing it to run under your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The skill claims a constrained scope around managing Decision Journal entities, but later exposes a generic proxy mechanism that can issue arbitrary API requests through an authenticated connection. That mismatch weakens user and orchestrator expectations, increasing the chance the skill is invoked for broader data access or modification than its manifest suggests.

Vague Triggers

Medium (84% confidence)
Finding
The invocation description is broad enough that an agent may select this skill for many generic requests related to Decision Journal, even when the user did not clearly intend external-service interaction. Over-broad routing increases the risk of unnecessary disclosure of user content to a third-party service or unintended authenticated actions.

Missing User Warnings

Medium (93% confidence)
Finding
The skill documents direct proxy requests to an external API without warning that prompts, notes, decisions, or other user-provided content may be transmitted off-platform. In an agent setting, missing disclosure and confirmation around raw proxy use can lead to privacy violations, over-collection, or unintended writes against the user's account.

VirusTotal

65/65 vendors flagged this skill as clean.
