ClawHub

Double

Security checks across malware telemetry and agentic risk

Overview

This skill looks like a real Membrane integration, but its instructions mix different Double/Keeper products and allow broad account-changing actions without clear confirmation safeguards.

Install only if you trust Membrane and are certain this is the correct Double account and product. Use a least-privileged account where possible, review the connection scopes, and require explicit confirmation before any create, update, delete, invitation, posting, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is labeled as a Double integration, but major portions of the content describe Keeper-style entities (Vault, Password, Shared Folder) and then list actions for an apparently different practice-management/productivity API (clients, tasks, contacts, posts). This mismatch can cause an agent to operate on the wrong external service or wrong data model, increasing the risk of unintended data access, disclosure, modification, or destructive actions against a different tenant or application than the user intended.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation contradicts itself about the target service and underlying data model, mixing executive-assistant branding with password-vault entities and unrelated business actions. In an agent setting, contradictory instructions are dangerous because they undermine tool-selection and authorization boundaries, making it plausible for the agent to connect to or manipulate the wrong system while believing it is servicing the user's Double request.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The invocation guidance says to use the skill whenever the user wants to interact with Double data, which is too broad and does not constrain what kinds of reads, writes, or administrative operations require additional confirmation. Overbroad routing increases the chance that the skill is invoked for sensitive or destructive operations without sufficient scoping, especially given the rest of the document's confusion about the actual connected service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive or high-impact actions such as deleting users and updating records without any warning, approval checkpoint, or confirmation expectation. In an agent-driven environment, that omission can lead to accidental destructive changes being executed from ambiguous or incomplete user requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal