ClawHub

Fixer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Fixer currency-data skill, but its metadata has a confusing leftover organization/user-management phrase and users should review proxy requests before allowing them.

Install this only if you intend to use Membrane with the Fixer currency API. Confirm you are connecting the right service, prefer the listed read-oriented actions, and do not allow raw proxy requests to include sensitive workspace or personal data unless you explicitly intend to send it to Fixer/Membrane.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest says this skill manages organizations and users, but the body clearly documents a Fixer currency exchange integration. This mismatch can cause the agent to invoke the skill in the wrong context and perform unintended external actions against a live network service, violating user expectations and increasing the chance of inappropriate data handling.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description 'Use when the user wants to interact with Fixer data' is broad enough to encourage invocation for loosely related requests without clear user confirmation. In a skill with network access and proxy capability, broad triggers increase the risk of overreach, unintended external calls, and acting on ambiguous prompts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The proxy-request section explains how to send arbitrary requests to the external Fixer API but does not warn that user or workspace data could be transmitted off-platform. Because this skill has network access and supports arbitrary paths, headers, query parameters, and bodies, the absence of an explicit warning reduces informed consent and increases exfiltration risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal