Headless Testing

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Membrane integration for Headless Testing, but it gives an agent broad authenticated API access including delete, stop, update, and raw proxy requests without explicit confirmation safeguards.

Review before installing. Use this only with a Membrane account and Headless Testing workspace where agent-driven changes are acceptable. Prefer read-only/list/get actions, require explicit confirmation before delete, stop, update, or proxy write requests, and connect an account with the minimum permissions needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest frames the skill as interacting with Headless Testing data, but the skill also exposes a generic proxy request mechanism that can reach arbitrary API endpoints within the connected service. That broader capability is not clearly disclosed in the top-level description, which can hide the true power of the skill and bypass the safer, enumerated action model.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest frames the skill as interacting with Headless Testing data, but the skill also exposes a generic proxy request mechanism that can reach arbitrary API endpoints within the connected service. That broader capability is not clearly disclosed in the top-level description, which can hide the true power of the skill and bypass the safer, enumerated action model.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation description is broad enough that the skill may be selected for generic requests involving Headless Testing, even when the request falls outside the safely documented action set. Over-broad triggering increases the chance of unnecessary external access or use of the proxy pathway for tasks the user did not specifically intend.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises destructive operations such as deleting builds and tests or stopping running tests without any guidance to obtain explicit confirmation. In an agentic context, this raises the risk of accidental or premature destructive actions that can disrupt testing workflows or cause data loss.

VirusTotal

63/63 vendors flagged this skill as clean.
