Inksprout

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because its documented scope is inconsistent and it allows broad authenticated API requests through Membrane.

Install only if you are comfortable connecting an Inksprout account through Membrane. Prefer listed Membrane actions over raw proxy requests, use a least-privileged account where possible, and require explicit user approval before any POST, PUT, PATCH, or DELETE request. Consider reviewing or pinning the Membrane CLI package before global installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The manifest claims the skill manages Organizations, Pipelines, Users, and Filters, but the body documents different Inksprout entities and summary-generation actions. This mismatch can cause an agent or user to invoke the skill under false assumptions, increasing the chance of unintended operations, overbroad use, or reliance on undocumented behavior.

Intent-Code Divergence

Medium, 91% confidence
Finding
The header says the skill manages Organizations, Pipelines, Users, and Filters, while the overview lists Document, Block, Account, Workspace, and Member. Contradictory resource models undermine operator understanding and can lead to misuse of the integration, unsafe assumptions about accessible data, and incorrect authorization expectations.

Description-Behavior Mismatch

Medium, 96% confidence
Finding
Although the skill is presented as a scoped integration, it explicitly documents raw proxy access to arbitrary API endpoints through `membrane request`. That materially expands the reachable attack surface beyond the named capabilities, enabling actions against undocumented endpoints and weakening the safety benefit of a narrowly described skill.

VirusTotal

65/65 vendors flagged this skill as clean.
