ClawHub

Jetbrains Marketplace

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Membrane-based JetBrains integration, but its scope is ambiguous and it allows broad authenticated API actions without clear approval guardrails.

Install only if you intend to connect a JetBrains or Marketplace account through Membrane. Confirm the exact service and account before authenticating, avoid using it for local IntelliJ project data, and require explicit approval before any purchase, review posting, deletion, or POST/PUT/PATCH/DELETE request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill metadata and description say it is for interacting with IntelliJ IDEA data, but the body targets JetBrains Marketplace operations. This mismatch can cause an agent or user to invoke the skill under false assumptions, leading to unintended access patterns, wrong data handling, or execution of marketplace-related actions when IDE-local data was expected.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation cue 'use when the user wants to interact with IntelliJ IDEA data' is overly broad and does not accurately constrain the skill to Marketplace-related tasks. In an agent setting, broad routing cues increase the chance of mis-selection and unintended execution against the wrong connection or data scope.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation encourages direct proxy requests and lists support for mutating HTTP methods without requiring confirmation, scope limitations, or warning about side effects. In an agent workflow, this can enable unintended modification, deletion, or transmission of remote data through raw requests that bypass safer higher-level actions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal