Endorsal

Security checks across malware telemetry and agentic risk

Overview

This Endorsal/Membrane integration is mostly disclosed, but it gives agents under-scoped raw network and account access that users should review before installing.

Install only if you want an agent to use your Membrane-connected Endorsal account. Prefer the listed Membrane actions; review the connection ID, endpoint, HTTP method and request body before any write or delete operation; and avoid full-URL proxy requests unless you intentionally trust both the destination and the data being sent to it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

High severity, 98% confidence
Finding
The manifest and top-level description claim broad CRM-style capabilities such as managing persons, organizations, deals, leads, projects, and activities, but the body of the skill documents only Endorsal-specific testimonial/widget/account operations. This capability mismatch can cause an agent to invoke the skill in contexts unrelated to Endorsal, leading to inappropriate data access attempts, user confusion, and unsafe task routing based on false premises.

Context-Inappropriate Capability

High severity, 97% confidence
Finding
The proxy section explicitly states that a full URL may be supplied and will be used as-is, which turns an Endorsal integration into a generic authenticated network request capability. That broadens the skill beyond its declared purpose and can enable SSRF-style abuse, exfiltration to unintended destinations, or use of the skill as a general network pivot if an agent is induced to call arbitrary endpoints.
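The pre-install review step from the overview (check the connection ID, endpoint, HTTP method and body before any write or delete, and distrust full-URL proxy requests) and the SSRF concern in this finding both come down to one policy gate in front of the proxy. The following is an added example, not code from Endorsal, Membrane or SkillSpector: it reviews a proposed proxy call against a known-connection set and a trusted-host allowlist, refuses full URLs that point at internal addresses or untrusted hosts, and holds write/delete calls until a human has approved the method and body. The request field names, the connection-ID format, and the hosts are assumptions.

```python
"""Pre-flight review for agent-issued Endorsal/Membrane proxy requests.

Added example, not code from Endorsal, Membrane or SkillSpector. The request
shape (connection_id, method, endpoint, body), the connection IDs and the
hostnames are assumptions made for illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

READ_METHODS = {"GET", "HEAD", "OPTIONS"}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample policy: connection IDs this deployment knows about, and the
# only hosts an agent may reach with a full-URL proxy request (assumed names).
KNOWN_CONNECTIONS = {"conn_endorsal_prod"}
TRUSTED_HOSTS = {"api.endorsal.example"}


@dataclass
class ProxyRequest:
    connection_id: str
    method: str
    endpoint: str                 # relative API path, or a full URL the proxy forwards as-is
    body: Optional[dict] = None
    user_approved: bool = False   # a human reviewed method + endpoint + body for this call


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def host_is_internal(host: str) -> bool:
    """Literal loopback/private/link-local/reserved IPs and localhost count as internal."""
    if host.lower() in ("", "localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a DNS name; the trusted-host allowlist decides below
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def review_proxy_request(req: ProxyRequest,
                         known_connections=KNOWN_CONNECTIONS,
                         trusted_hosts=TRUSTED_HOSTS) -> Decision:
    """Return Decision(allow=True) only if every check passes; otherwise list why."""
    reasons = []
    if req.connection_id not in known_connections:
        reasons.append(f"unknown connection id {req.connection_id!r}")

    method = req.method.upper()
    if method not in READ_METHODS | WRITE_METHODS:
        reasons.append(f"unexpected HTTP method {req.method!r}")
    elif method in WRITE_METHODS and not req.user_approved:
        reasons.append(f"{method} needs explicit user review of endpoint and body")
    if method in WRITE_METHODS and req.body is not None and not isinstance(req.body, dict):
        reasons.append("request body for a write must be a JSON object")

    parts = urlsplit(req.endpoint)
    if parts.scheme or parts.netloc:
        # Full URL: the proxy sends it unchanged, so the destination is the whole risk.
        host = parts.hostname or ""
        if parts.scheme != "https":
            reasons.append(f"full-URL proxy request must use https, got {parts.scheme!r}")
        if host_is_internal(host):
            reasons.append(f"destination {host!r} is an internal address (SSRF)")
        elif host not in trusted_hosts:
            reasons.append(f"destination {host!r} is not an explicitly trusted host")
    else:
        # Relative endpoint: must be an absolute API path with no traversal segments.
        if not parts.path.startswith("/") or ".." in parts.path.split("/"):
            reasons.append(f"relative endpoint {req.endpoint!r} must be an absolute API path")

    return Decision(allow=not reasons, reasons=reasons)


def run_examples() -> dict:
    """Constructed requests an agent might emit, reviewed against the sample policy."""
    conn = "conn_endorsal_prod"
    cases = {
        "list_testimonials": ProxyRequest(conn, "GET", "/testimonials"),
        "delete_unreviewed": ProxyRequest(conn, "DELETE", "/testimonials/123"),
        "delete_reviewed": ProxyRequest(conn, "DELETE", "/testimonials/123", user_approved=True),
        "trusted_full_url": ProxyRequest(conn, "GET", "https://api.endorsal.example/account"),
        "loopback_pivot": ProxyRequest(conn, "GET", "http://127.0.0.1:8080/admin"),
        "exfil_post": ProxyRequest(conn, "POST", "https://collector.attacker.example/upload",
                                   body={"payload": "account export"}, user_approved=True),
        "schemeless_host": ProxyRequest(conn, "GET", "//evil.example/x"),
        "unknown_connection": ProxyRequest("conn_other", "GET", "/testimonials"),
    }
    return {name: review_proxy_request(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, decision in run_examples().items():
        verdict = "ALLOW" if decision.allow else "BLOCK"
        print(f"{name:20s} {verdict}  {'; '.join(decision.reasons)}")
```

The gate deliberately blocks on any single failed check rather than scoring, because an agent-issued request with one anomaly (an unfamiliar connection ID, a loopback destination, an unapproved DELETE) is exactly the case the overview says a user should look at by hand. DNS names are not resolved here, so a trusted hostname that later resolves to an internal address is not caught; resolving and re-checking at send time would close that gap.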

Vague Triggers

Medium severity, 91% confidence
Finding
The skill description says to use it whenever the user wants to interact with Endorsal data, while elsewhere it overstates the available object model. This broad trigger increases the chance the skill is selected for requests it cannot safely or correctly satisfy, especially in multi-skill environments where routing depends heavily on manifest wording.

VirusTotal

65/65 vendors flagged this skill as clean.