Goose

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it should be reviewed because it gives an agent broad authenticated access to a Goose/Membrane connection while the target service and write-operation safeguards are unclear.

Install only if you specifically intend to connect this skill to the Goose service through Membrane. Verify that goose.ai is the correct target, install the Membrane CLI from a trusted source, use the least-privileged account available, and require explicit approval before any action or proxy request that creates, updates, posts, or deletes data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill documentation is internally inconsistent about what Goose is and what backend it targets, mixing generic workflow claims, a social-media SaaS description, and a link to an unrelated Go package. In a security-sensitive agent context, this can cause the agent to select the wrong integration or issue requests against unintended services, especially when combined with broad proxy capabilities.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation text is overly broad and can match many ordinary requests about managing data, records, or workflows, even when the user did not intend to use Goose. Over-broad routing increases the chance that an agent invokes this skill in the wrong context and then gains access to external actions or proxy requests that can read or modify remote data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill promotes direct proxy requests to arbitrary API endpoints and lists mutating HTTP methods without requiring confirmation or warning that these calls may change or delete remote data. In an agent setting, that omission materially raises the risk of unintended writes, destructive actions, or misuse of authenticated access against the connected service.

VirusTotal

65/65 vendors flagged this skill as clean.
