Idealpostcodes

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Membrane-based IdealPostcodes integration, with expected network, account, and address-data handling risks but no artifact-backed hidden or destructive behavior.

Install only if you trust Membrane and npm, and authenticate with the intended Membrane account. Treat any address, postcode, phone, email, or place lookup as data sent to Membrane and IdealPostcodes, and prefer the listed actions over raw proxy requests unless you clearly need a specific API endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill explicitly documents a generic proxy mechanism that can send requests to arbitrary IdealPostcodes API paths, which broadens the effective capability well beyond the declared postcode-management scope. This increases the chance an agent will perform unexpected external operations or transmit user data to endpoints the user did not intend, weakening least privilege and transparency.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The listed 'popular actions' include phone validation, email validation, and place search features that do not match the stated purpose of managing postcodes via IdealPostcodes. This capability mismatch can mislead orchestrators and users, causing the skill to be invoked for broader PII-processing tasks than its manifest suggests.

Vague Triggers

Medium
Confidence: 78%
Finding
The activation text 'Use when the user wants to interact with IdealPostcodes data' is broad and can trigger the skill in loosely related situations without making the boundaries of allowed operations clear. Overbroad routing increases the likelihood of unnecessary external calls and accidental handling of sensitive address or contact data.

Missing User Warnings

Medium
Confidence: 94%
Finding
The proxy-request instructions tell the agent how to send direct requests to the external API but do not instruct it to warn the user that data will leave the local context and be transmitted to IdealPostcodes. Without an explicit disclosure step, users may not realize that entered addresses, postcodes, or other identifiers are being sent to a third party.

VirusTotal

63/63 vendors flagged this skill as clean.
