Droxy

Security checks across malware telemetry and agentic risk

Overview

This Droxy skill is a legitimate-looking integration, but it gives broad authenticated account access including deletes and raw API requests without clear safety limits.

Install only if you are comfortable giving a Membrane-connected agent broad access to your Droxy account. Use a least-privileged account where possible, confirm every create/update/delete/save or proxy request before it runs, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The manifest and description say the skill is for managing organizations, but the body documents a much broader Droxy integration covering chatbots, resources, conversations, and generic action discovery. This scope mismatch can cause the agent to invoke the skill in contexts far beyond the user's expected authorization boundary, increasing the chance of unintended access or operations.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The proxy section explicitly enables arbitrary authenticated API requests through Membrane, including any path and mutating HTTP methods, which is far broader than the stated organization-management purpose. This creates a privilege-expansion path where an agent can reach undocumented or destructive Droxy endpoints under the user's credentials without clear scoping or safety constraints.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The invocation text says to use the skill whenever the user wants to interact with Droxy data, which is broad enough to match many generic requests. Over-broad routing increases the chance the skill is selected for sensitive or destructive tasks the user did not specifically intend, especially given the documented write/delete and proxy capabilities.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill advertises destructive actions such as deleting resources and chatbots but provides no confirmation, approval, or rollback guidance. In an agent setting, this omission makes accidental or unauthorized destructive operations more likely when the model acts on ambiguous user requests.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The proxy request guidance presents arbitrary HTTP methods and direct endpoint access without warning that POST/PUT/PATCH/DELETE can modify or destroy remote data. Because requests are sent with the user's authenticated session, the omission materially increases the risk of unsafe agent behavior and unintended data loss or state changes.

VirusTotal

64/64 vendors flagged this skill as clean.