Eversign

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Eversign integration, but it gives broad authenticated control over documents and API requests without clear confirmation or scope limits.

Install only if you are comfortable granting Membrane-backed access to the intended Eversign account. Require the agent to confirm the exact document, action, and consequence before any deletion, trashing, cancellation, reminder, creation, or direct API proxy request, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest says the skill is for managing users and organizations, but the body documents much broader capabilities including document creation, cancellation, deletion, reminders, templates, and business operations. This scope mismatch can cause an orchestrator or user to invoke the skill under false assumptions, enabling unintended access to sensitive or destructive functions.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The documented proxy allows authenticated requests to arbitrary Eversign API endpoints, which substantially exceeds the narrow manifest description. A generic authenticated proxy increases the chance of privilege overreach, data exfiltration, or destructive operations against any reachable endpoint using the user's connection.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation description is broad enough to match many generic Eversign-related requests without defining clear boundaries. In context, this is more dangerous because the skill also documents broad and destructive capabilities, so loose routing could trigger actions beyond what the user intended.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises destructive actions such as deleting, trashing, and canceling documents without stating that explicit user confirmation is required. In a document-signing context, accidental or automated execution of these actions could destroy records, interrupt signature workflows, or create legal and business harm.

VirusTotal

64/64 vendors flagged this skill as clean.