ClawHub

Formidable Forms

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Formidable Forms integration, but it gives an agent broad authenticated ability to change or permanently delete live form data without clear confirmation safeguards.

Install only for agents you trust with administrative Formidable Forms access. Use a least-privileged WordPress/Formidable Forms account, prefer predefined Membrane actions, require explicit approval before create/update/delete or raw proxy requests, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest describes the skill as managing Forms, Users, and Roles, but the body documents broader capabilities around entries, fields, and authenticated proxy access. This mismatch weakens user and platform understanding of the skill's real privileges, increasing the risk of overbroad use and unsafe approval of actions that exceed the declared scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documented `membrane request CONNECTION_ID /path/to/endpoint` capability enables arbitrary authenticated API calls beyond the curated action set. That materially expands the attack surface because an agent can reach undocumented or more sensitive endpoints using the user's authenticated connection, bypassing the narrower safety expectations implied by the skill description.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises destructive operations such as deleting entries, fields, and forms without any guidance to confirm intent, summarize consequences, or require a human check. In an agent setting, that increases the chance of accidental or unauthorized destructive actions against production form data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal