Flipando

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent about using Membrane, but its purpose is inconsistent and it grants broad authenticated API access without clear guardrails.

Review carefully before installing. Verify that this is the Flipando product and Membrane publisher you intended to use, install the CLI only from a trusted npm source, and connect only an account with permissions you are comfortable delegating. Prefer the listed scoped actions, and require explicit user approval before any raw proxy request, especially POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest advertises CRM-style capabilities like managing deals, persons, organizations, leads, projects, and activities, but the documented actions only support app/task-style operations. This mismatch can cause an agent to invoke the skill for unrelated user intents and perform unintended network operations against the wrong service or dataset.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The body of the skill describes Flipando as an interactive content platform, directly contradicting the manifest's CRM-oriented positioning. In agent environments, contradictory documentation increases the chance of tool misuse, mistaken authorization flows, and data being sent to a service the user did not intend to access.

Intent-Code Divergence

Low
Confidence: 84%
Finding
The cited 'official docs' URL appears inconsistent with the named service, which is a trust and provenance problem in a security-sensitive skill. Incorrect external references can mislead operators, agents, or users into authenticating against or modeling requests after the wrong API documentation.

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation description is overly broad, telling the agent to use the skill whenever the user wants to interact with 'Flipando data' without narrowing the allowed objects or actions. Over-broad routing increases the likelihood of accidental tool invocation and unnecessary external data access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill encourages direct proxy requests to the external API but does not require user confirmation or warn that arbitrary requests may transmit or modify remote data. In an agent context, this makes it easier to perform unintended reads or writes through a generic request surface.

VirusTotal

63/63 vendors flagged this skill as clean.
