Pylon

Security checks across malware telemetry and agentic risk

Overview

This Pylon integration is mostly coherent, but it gives an agent broad authenticated API access, including write and delete requests, without enough scoping or confirmation guidance.

Install only if you intend to let an agent use your authenticated Pylon account through Membrane. Prefer read-only action discovery first, review any raw proxy request before it runs, and require explicit confirmation for creating, updating, or deleting Pylon records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The documented connection flow is broader than the skill’s declared Pylon-specific purpose because it allows creating a new app/connector automatically when no known app is found. That can expand the skill from a scoped SaaS integration into a generic external-service integration path, increasing the risk of unintended data access or actions against non-Pylon targets.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The proxy section exposes a generic HTTP request capability with support for mutating methods like POST, PUT, PATCH, and DELETE, which is materially broader than a narrowly scoped Pylon data skill. Without tighter constraints, an agent could use this as a general-purpose API client to perform destructive or unauthorized operations through an authenticated connection.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The activation text is broad enough that the skill may trigger for many requests involving 'data, records, and automate workflows,' not just clearly scoped Pylon tasks. Over-broad routing increases the chance the agent invokes this skill in inappropriate contexts, which matters more here because the skill includes connector creation and raw request capabilities.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill documents direct proxy requests with destructive HTTP methods but does not warn about modification, deletion, or other irreversible side effects. In an agent setting, omission of such warnings can cause unsafe automation and reduce the likelihood of obtaining meaningful user confirmation before state-changing actions.

VirusTotal

64/64 vendors flagged this skill as clean.