Docugenerate

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real DocuGenerate integration, but it gives an agent broad authenticated power to change or delete documents without clear safety checks.

Install only if you trust Membrane and want an agent to operate on your DocuGenerate account. Use the least-privileged account available, require clear confirmation before any update/delete or proxy request, and consider pinning the Membrane CLI version instead of installing @latest globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is declared as a DocuGenerate integration, but the documented `membrane connection ensure` flow explicitly allows creating connectors for arbitrary apps or domains if no known app is found. That expands the effective trust boundary far beyond the stated scope and could let an agent be steered into interacting with unintended third-party services under this skill.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The proxy request section permits arbitrary direct API calls through Membrane, which bypasses the narrower documented scope of managing documents and templates. This broadens the skill from a scoped integration into a general authenticated API proxy, increasing the chance of unauthorized reads, writes, or use of undocumented endpoints.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill advertises destructive actions like deleting documents and templates without any warning, safeguard, or confirmation guidance. In an agent context, this increases the risk of accidental irreversible data loss if the model selects a destructive action too readily.

VirusTotal

63/63 vendors flagged this skill as clean.
