ClawHub

Impression

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it is unclear which Impression service it controls while requesting account access and allowing broad authenticated API actions.

Review this skill carefully before installing. Confirm the exact Impression product and account it will connect to, avoid raw proxy requests unless you approve the endpoint and method, use the least-privilege account available, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill claims the app information is insufficient, yet immediately provides detailed operational instructions and action guidance. This inconsistency is a strong indicator of copied, mismatched, or poorly curated content, which can cause an agent to use the wrong integration or trust incorrect API guidance when handling user data.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest says this skill manages CRM-style entities like Persons, Organizations, Deals, Leads, Projects, and Activities, but the body documents a signature/workflow API with authentication intents and signature requests. This mismatch can misroute user requests to the wrong external system, causing unintended access, disclosure, or modification of unrelated data through an incorrectly invoked skill.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The listed resource model (Project, Document, Page, Template, Library, User) does not match the later action set for signature requests, workflow requests, and notification/authentication flows. Internal contradictions like this make the skill unreliable and can lead an autonomous agent to form an incorrect mental model of available data and operations, increasing the risk of unsafe or unintended actions.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is very broad and could cause the agent to select this skill for generic requests involving 'Impression data,' even though the documented behavior appears to target a different domain. Over-broad routing increases the chance of inappropriate tool invocation, which is especially risky when the skill has network access and can perform state-changing operations.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal