Graphy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Membrane-powered Graphy integration, but it gives broad authenticated API access with unclear scope and weak safety guidance.

Install only if you trust Membrane and intend to let an agent operate on the connected Graphy account. Use the least-privileged account available, review the connection permissions, prefer the listed read-only actions, and require explicit approval before any POST, PUT, PATCH, or DELETE request and before any purchase-related, user/account, order/payment, or course/product-changing operation. The pending VirusTotal result is not enough by itself to change the verdict, and the static scan found no executable content or suspicious patterns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill manifest frames the capability as managing organizations and Graphy data, but the body grants much broader powers: creating arbitrary connections, discovering and running actions, and issuing raw proxied API requests. This mismatch can cause over-broad invocation and user/operator misunderstanding about the scope of external access, increasing the chance of unintended data access or modification.

Intent-Code Divergence

Medium
Confidence: 82%
Finding
The documentation describes Graphy as a social media management platform, while the exposed actions target commerce/learning data such as orders, enrollments, courses, and products. This inconsistency can mislead an agent or user about what system is being accessed and what kinds of sensitive data or side effects are involved, undermining informed consent and safe operation.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger description is so broad that many routine requests involving 'Graphy data' could invoke the skill, even when the user did not intend to authorize external-system interaction. In a skill with network access, action execution, and proxying, vague routing increases the risk of unnecessary data exposure or unintended writes.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents a generic proxy interface that supports GET, POST, PUT, PATCH, and DELETE to arbitrary API endpoints without any safety guidance, guardrails, or confirmation requirements. In context, this effectively exposes broad write/delete capability against the connected service and can lead to destructive changes, mass updates, or unauthorized data manipulation if misused.

VirusTotal

63/63 vendors flagged this skill as clean.