Function

Security checks across malware telemetry and agentic risk

Overview

This skill is an unclear Function/Membrane integration that could let an agent make broad authenticated API calls, including changes to business data.

Review before installing. Only use this if you can independently verify what the Function service is and which Membrane connector/account it will access. Avoid full-URL proxy requests and do not allow write or delete operations unless the user explicitly requested the exact change and understands the effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill metadata advertises a CRM/business-data integration, but the body points to unrelated MathWorks documentation for a generic programming concept ('function') and provides mismatched guidance. This kind of documentation confusion is dangerous because an agent may invoke the wrong connector, misunderstand capabilities, or perform unintended operations against a user's connected account based on inaccurate instructions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The proxy section explicitly allows passing a full URL 'as-is', expanding the skill from a scoped SaaS integration into a general outbound HTTP capability. In an agent context, this can enable SSRF-style behavior, exfiltration to attacker-controlled endpoints, or bypass of intended connector scoping and review boundaries.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation encourages direct API use with POST, PUT, PATCH, and DELETE methods but provides no guardrails about mutation risk, confirmation requirements, or least-privilege behavior. In an autonomous agent setting, that omission raises the chance of unintended writes, destructive changes, or misuse of connected business data.

VirusTotal

65/65 vendors flagged this skill as clean.
