Digitalriver

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real DigitalRiver/Membrane helper, but it needs Review because it can access and change live commerce records while its description and write-action safeguards are too loose.

Install only if you intend to connect a DigitalRiver commerce account through Membrane. Use a least-privileged or sandbox connection where possible, start with list/get actions, verify the connection ID, and require explicit approval before any create, update, delete, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The skill metadata claims it manages Organizations, Leads, Projects, Pipelines, Users, and Goals, but the body documents Digital River ecommerce entities like orders, customers, subscriptions, and checkouts. This mismatch can cause the agent to invoke the wrong skill under false assumptions, leading to operations against an unintended external system and possible exposure or modification of live commerce data.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding:
The invocation description is broad enough that an agent may select this skill for many generic requests involving "DigitalRiver data" without distinguishing read-only from destructive operations. In a tool-enabled environment, overbroad routing increases the chance of unintended access to sensitive customer/order information or use of mutating capabilities when a narrower skill should have been chosen.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The proxy request section allows arbitrary API calls, including POST, PUT, PATCH, and DELETE, but does not warn that these can modify or delete live Digital River resources. Because Membrane injects authentication automatically, an agent could issue powerful direct requests with production credentials and cause irreversible changes to orders, subscriptions, customers, or products.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The create and update actions are presented as routine operations without warning that they act on real ecommerce entities such as customers, orders, subscriptions, SKUs, and checkouts. In agentic use, this can normalize state-changing operations and lead to accidental edits, bad transactions, or corruption of production commerce records if the user did not explicitly authorize mutation.

VirusTotal

61/61 vendors flagged this skill as clean.