Foxy

Security checks across malware telemetry and agentic risk

Overview

This Foxy skill appears to be a real Membrane-based integration, but its documentation is inconsistent and it gives agents broad authority to change commerce, customer, and subscription data.

Install only if you intend to let an agent use Membrane to access and modify a Foxy commerce account. Verify the connected account and exact Foxy product first, prefer least-privileged access where possible, and require explicit approval before any create, update, cancel, delete, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
The skill metadata advertises management of Organizations, Users, Goals, and Filters, but the body of the skill actually documents Foxy/FoxyCart commerce operations such as stores, coupons, subscriptions, transactions, and customers. This capability mismatch can cause an agent to invoke the skill in the wrong context and perform actions against an unintended external system, creating a real risk of unauthorized or destructive operations.

Intent-Code Divergence

Severity: High
Confidence: 97%
The overview says the skill works with Email, Label, Contact, and Task objects, while the actionable sections expose commerce-related entities and operations. Contradictory object models are dangerous because they can mislead an agent about what data it is handling and what operations are safe, increasing the chance of issuing incorrect API calls or modifying the wrong records.

Vague Triggers

Severity: Medium
Confidence: 83%
The activation description is broad enough to match many generic requests involving 'Foxy data' without clarifying the exact product domain or supported operations. In combination with the inconsistent documentation, this raises the likelihood of accidental invocation and misuse of a live integration against the wrong user intent.

Missing User Warnings

Severity: Medium
Confidence: 90%
The documentation presents destructive operations such as canceling subscriptions as normal actions without requiring confirmation, warning about side effects, or recommending read-before-write checks. This is risky because an agent could translate an ambiguous request directly into a state-changing operation that impacts billing or customer service.

VirusTotal

63/63 vendors flagged this skill as clean.
