LaunchDarkly

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real LaunchDarkly/Membrane integration, but it gives broad authenticated access that could change or delete production LaunchDarkly configuration without clear guardrails.

Review before installing. Use a least-privileged LaunchDarkly account or token, restrict access to the intended projects and environments, and require explicit approval before any create, update, PATCH, POST, PUT, or DELETE request, especially through the generic proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium, 93% confidence
Finding
The manifest description materially understates the skill's capabilities. A caller or orchestrator may invoke this skill expecting only limited read/manage operations on segments, projects, and users, while the documentation exposes broader access to feature flags, teams, webhooks, account members, and direct API proxying, increasing the risk of unintended privileged actions.

Context-Inappropriate Capability

Medium, 96% confidence
Finding
The generic proxy capability enables arbitrary authenticated requests to LaunchDarkly endpoints using multiple HTTP methods, effectively bypassing the narrower action catalog and any implied guardrails. In a feature-management platform, this can allow modification or deletion of production configuration, access to sensitive account metadata, or use of undocumented/high-impact endpoints.

Vague Triggers

Medium, 85% confidence
Finding
The invocation description is broad enough that an agent may select this skill for many generic LaunchDarkly-related tasks without understanding its true boundaries or risk level. Over-broad routing increases the chance that the skill is used in contexts involving sensitive configuration changes or data access that were not intended by the user.

Missing User Warnings

Medium, 90% confidence
Finding
The documentation advertises create and update actions for LaunchDarkly resources without warning that these may alter live feature delivery and production behavior. An agent following the guide could make changes to flags or projects without surfacing the operational risk, potentially causing outages, exposure of unfinished features, or mis-targeted rollouts.

Missing User Warnings

Medium, 97% confidence
Finding
The proxy section presents arbitrary HTTP methods, including PATCH and DELETE, as routine options without warning that they can directly alter or remove LaunchDarkly resources. This normalizes dangerous low-level access and may lead an agent to execute destructive requests with authenticated credentials and little contextual review.

VirusTotal

63/63 vendors flagged this skill as clean.
