Ikas

Security checks across malware telemetry and agentic risk

Overview

This Ikas skill is mostly coherent, but it gives agents broad authenticated API power, including write and delete requests, without clear safety prompts.

Install only if you trust Membrane and are comfortable granting it Ikas account access. Use a least-privilege Ikas account, prefer listed Membrane actions over raw proxy requests, and require explicit confirmation before any write, delete, payment, purchase, or bulk workflow action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill is presented as an Ikas-specific integration, but the documented connection flow explicitly allows automatic creation of a generic app/connector when no app match is found. That broadens the effective scope beyond Ikas and can cause an agent to connect to or operate on unintended third-party systems under the guise of this skill.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill metadata frames usage as interacting with Ikas data, but the proxy feature enables arbitrary direct API calls, including mutating and destructive methods like POST, PUT, PATCH, and DELETE. This creates a mismatch between declared purpose and actual capability, increasing the risk of overbroad or unsafe remote actions.

Vague Triggers

Medium
Confidence: 78%
Finding
The activation condition is very broad: 'use when the user wants to interact with Ikas data.' In an agent environment, vague triggering language can cause the skill to be selected in ambiguous situations, unnecessarily exposing powerful external actions and increasing the chance of unintended data access or modification.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation advertises direct proxy requests with support for mutating HTTP methods but does not warn that these operations can create, modify, or delete remote data. In practice, this lowers the safety barrier for an agent or user to perform destructive actions without informed consent or adequate review.

VirusTotal

65/65 vendors flagged this skill as clean.
