Hansei

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Hansei/Membrane integration, but its stated scope is inconsistent and it allows broad authenticated API requests without clear safety limits.

Install only if you trust Membrane and intend to let an agent operate on your Hansei account. Prefer prebuilt Membrane actions, require explicit approval before any POST, PUT, PATCH, or DELETE request, verify the global npm CLI package, and revoke the Hansei/Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest advertises management of Organizations, Pipelines, Projects, Users, and Filters, but the body documents a different Hansei capability set focused on retrospectives, bots, conversations, and general API access. This scope mismatch can cause an agent or user to invoke the skill under false assumptions, increasing the chance of unintended actions or overbroad trust in what the skill is allowed to do.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The top-level description suggests a bounded integration with Hansei data, but the documentation also authorizes arbitrary direct API requests through a proxy. That creates a significant capability expansion beyond the declared scope, enabling access to endpoints and operations not obvious from the manifest and potentially including sensitive reads or writes.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation description is broad enough that an orchestrating agent may select this skill for many generic Hansei-related requests without understanding its operational boundaries. In the presence of raw request capability, broad routing language increases the chance of unintended skill activation and unsafe actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The proxy section instructs the agent to send direct API requests and lists state-changing methods like POST, PUT, PATCH, and DELETE without any caution, guardrails, or confirmation requirements. This makes destructive or privacy-impacting modifications easier to perform accidentally or through prompt manipulation.

VirusTotal

62/62 vendors flagged this skill as clean.