Engage

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Engage integration, but it exposes broad write-capable API access without clear limits or confirmation safeguards.

Install only if you trust the publisher and are comfortable granting Membrane-backed access to your Engage account. Use curated Membrane actions where possible, require explicit approval before any create/update/delete request, and avoid using the direct proxy unless you know the exact endpoint and impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest markets the skill as limited to managing Organizations, Pipelines, Users, and Filters, but the body documents materially broader capabilities, including arbitrary API proxying and other operations beyond that narrow scope. This mismatch can cause the agent or reviewer to grant trust based on an understated description, increasing the chance of unintended or over-privileged actions.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly enables arbitrary proxied HTTP requests to Engage endpoints, including write-capable methods, which is substantially broader than the stated management use case. In an agent context, this creates a general-purpose API tunnel that can reach sensitive or destructive operations not covered by curated actions, bypassing least-privilege expectations and increasing misuse risk.

Vague Triggers

Medium
Confidence: 86%
Finding
The activation text is broad enough to trigger on many generic requests involving Engage data, even when the user's intent may not require this specific skill. Over-broad invocation increases the likelihood that a high-capability integration is selected unnecessarily, which is especially risky given the skill's support for direct API access.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation presents direct proxy requests with mutating HTTP methods as normal usage but does not warn about irreversible changes, data loss, or the need for confirmation before writes. In practice, this can normalize unsafe execution patterns and lead an agent to perform destructive operations without sufficient friction or user awareness.

VirusTotal

64/64 vendors flagged this skill as clean.