Dots

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Membrane-based Dots integration, but it is under-described and inconsistently framed while exposing payout, transfer, raw API, and permanent deletion capabilities.

Review this as a payment/platform integration, not a puzzle-game helper. Install only if you intend to grant Membrane access to Dots payment and user-management capabilities; use the least-privileged connection available, require explicit confirmation before payouts, transfers, batches, proxy requests, or deletion, and verify how to revoke the connection before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest advertises a narrow data-management skill for Organizations, Users, and Filters, but the body documents substantially broader financial capabilities such as payouts, transfers, onboarding flows, and generic API access. This mismatch can cause an agent or reviewer to authorize or invoke the skill under false assumptions, increasing the chance of unintended access to money movement or sensitive operations.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The documentation claims Dots! is a mobile puzzle game, while the actual actions clearly target a financial/platform API handling users, payouts, transfers, and onboarding. This contradiction undermines operator trust and can mislead agents into treating a financially sensitive integration as harmless entertainment software, weakening scrutiny around high-risk actions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented proxy request feature allows direct requests to arbitrary API endpoints through an authenticated connection, which goes well beyond the stated scope of managing Organizations, Users, and Filters. In practice, this can bypass the safer, narrower action model and enable access to undocumented, sensitive, or destructive operations using the user's credentials.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough that an agent may select this skill for generic requests involving 'Dots data' without understanding that the skill also exposes sensitive financial and destructive operations. Over-broad routing increases the probability of accidental invocation in contexts where least privilege and tighter tool matching are necessary.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents a permanent delete-user action without any warning, confirmation requirement, or operator guidance. In an agentic setting, exposing destructive operations without guardrails materially raises the risk of irreversible accidental or unauthorized deletion of user records.

VirusTotal

65/65 vendors flagged this skill as clean.
