Baserow

Security checks across malware telemetry and agentic risk

Overview

This is a real Baserow integration, but it gives an agent broad authenticated access that can change or delete Baserow data without enough built-in scoping or confirmation guidance.

Install only if you trust the publisher and Membrane with the connected Baserow workspace. Use a least-privileged Baserow account, verify workspace/table/row identifiers before each operation, and require explicit approval before create, update, delete, batch, user/role, or raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The manifest and top-level description frame the skill as managing workspaces, users, and roles, but the documentation also exposes a generic proxy mechanism for arbitrary Baserow API requests. This broadens the effective capability of the skill beyond what a caller may reasonably expect, increasing the chance that an agent uses powerful direct API access without appropriate scrutiny or user confirmation.

Description-Behavior Mismatch

Severity: Low
Confidence: 81%
Finding: The skill metadata emphasizes workspace/user/role management, while the documented actions are largely database, table, and row operations, including destructive row actions. This mismatch can mislead operators or higher-level policy systems about what the skill actually does, causing it to be invoked in broader or different contexts than intended.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill advertises destructive operations such as batch-delete-rows and delete-row without any warning, confirmation guidance, or safety checks. In an agentic setting, this raises the risk of accidental bulk deletion or unintended modification of production data because the documentation normalizes these commands as routine actions.
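The three points above (the least-privilege guidance in the Overview, the raw proxy finding, and the missing-confirmation finding) come down to one control: a gate between the agent and the Baserow API that checks every supplied identifier against an operator-approved scope and holds every non-read call until a human explicitly approves it. The following Python is an added example written for this page, not code from Membrane, Baserow, or SkillSpector. The action names, parameter keys, and the row-endpoint path shape it matches for proxied requests are assumptions modelled on the operations the findings name (delete-row, batch-delete-rows, a raw proxy request).

```python
"""Policy gate for an agent that reaches Baserow through a skill/tool layer.

Added example, not Membrane's, Baserow's or SkillSpector's code. Action
names, parameter keys and the proxied path shape are assumptions.
"""
import re
from dataclasses import dataclass, field
from enum import Enum


class Risk(Enum):
    READ = "read"
    WRITE = "write"
    DESTRUCTIVE = "destructive"
    ADMIN = "admin"    # workspace / user / role changes
    PROXY = "proxy"    # raw API request that bypasses the action catalogue


# Hypothetical action catalogue keyed by the tool name the agent would call.
ACTION_RISK = {
    "list-rows": Risk.READ, "get-row": Risk.READ, "list-tables": Risk.READ,
    "create-row": Risk.WRITE, "update-row": Risk.WRITE,
    "batch-create-rows": Risk.WRITE, "batch-update-rows": Risk.WRITE,
    "delete-row": Risk.DESTRUCTIVE, "batch-delete-rows": Risk.DESTRUCTIVE,
    "delete-table": Risk.DESTRUCTIVE,
    "invite-user": Risk.ADMIN, "update-workspace-user": Risk.ADMIN,
    "proxy-request": Risk.PROXY,
}

# Assumed shape of a row endpoint: the proxy may only reach row endpoints of
# an in-scope table; any other path is refused outright.
_ROW_ENDPOINT = re.compile(r"^/api/database/rows/table/(\d+)/")


@dataclass(frozen=True)
class Scope:
    """Identifiers the operator approved this agent session to touch."""
    workspace_id: int
    table_ids: frozenset


@dataclass
class Decision:
    allowed: bool
    risk: Risk
    reasons: list = field(default_factory=list)
    needs_approval: bool = False   # True when a human must confirm this call


def gate(action: str, params: dict, scope: Scope, approved: bool = False) -> Decision:
    """Decide whether one proposed Baserow call may proceed.

    Unknown actions are refused. Every workspace/table id the agent supplies
    must be in scope; approval never overrides that. Only READ actions run
    without explicit per-call approval.
    """
    risk = ACTION_RISK.get(action)
    if risk is None:
        return Decision(False, Risk.PROXY, [f"unknown action {action!r}"])

    reasons = []
    ws = params.get("workspace_id")
    if ws is not None and ws != scope.workspace_id:
        reasons.append(f"workspace {ws} not in scope")
    table = params.get("table_id")
    if table is not None and table not in scope.table_ids:
        reasons.append(f"table {table} not in scope")
    if risk is Risk.PROXY:
        m = _ROW_ENDPOINT.match(params.get("path", ""))
        if m is None:
            reasons.append("proxy path is not a row endpoint of a table")
        elif int(m.group(1)) not in scope.table_ids:
            reasons.append(f"proxy path targets table {m.group(1)} not in scope")
    if reasons:
        return Decision(False, risk, reasons)

    if risk is Risk.READ:
        return Decision(True, risk)
    if not approved:
        detail = ""
        if action == "batch-delete-rows":
            # Surface the blast radius so the approver sees what they confirm.
            detail = f" ({len(params.get('row_ids', []))} rows)"
        msg = f"{risk.value} action {action}{detail} requires explicit approval"
        return Decision(False, risk, [msg], needs_approval=True)
    return Decision(True, risk)


if __name__ == "__main__":
    scope = Scope(workspace_id=7, table_ids=frozenset({101, 102}))
    for act, p, ok in [
        ("list-rows", {"table_id": 101}, False),
        ("batch-delete-rows", {"table_id": 102, "row_ids": [1, 2, 3]}, False),
        ("batch-delete-rows", {"table_id": 102, "row_ids": [1, 2, 3]}, True),
        ("proxy-request", {"method": "DELETE", "path": "/api/database/rows/table/999/5/"}, True),
    ]:
        print(act, gate(act, p, scope, approved=ok))
```

The scope object is built once by the operator from verified identifiers, not from anything the agent returns, so a poisoned tool description or an injected "delete table 999" cannot widen it; approval only unblocks calls that were already inside the scope.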

VirusTotal

62/62 vendors flagged this skill as clean.
