Kanbanflow

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate KanbanFlow integration, but it gives the agent broad authenticated request ability that is not tightly limited to KanbanFlow.

Install only if you trust Membrane and want an agent to operate on your KanbanFlow account. Prefer discovered Membrane actions over raw proxy requests, confirm any create/update/delete action before it runs, avoid full-URL proxy requests, and revoke the Membrane/KanbanFlow connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The manifest frames the skill as managing Boards, Users, and Tags, but the documentation clearly enables broader KanbanFlow capabilities including tasks, account-level operations, and generic proxy access. This mismatch can cause the agent or user to underestimate the scope of actions the skill may perform, increasing the chance of overbroad or unintended data access.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Allowing a full URL to be passed 'as-is' turns a KanbanFlow integration into a generic outbound HTTP primitive. That can enable SSRF-like behavior, data exfiltration to arbitrary hosts, or misuse of the agent's network access beyond the stated purpose of the skill.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation exposes direct HTTP methods including POST, PUT, PATCH, and DELETE without requiring confirmation or warning about remote state changes. In an agent setting, this increases the risk of unintended modification or deletion of KanbanFlow data, especially if the model infers it can act directly from user intent.

VirusTotal

65/65 vendors flagged this skill as clean.
