ClawHub

Lmnt

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate LMNT/Membrane integration, but it exposes broad authenticated raw API access with mutating methods and unclear scope boundaries.

Review before installing. Use it only with an LMNT/Membrane account where you are comfortable granting broad API access, and require explicit approval before any POST, PUT, PATCH, or DELETE request. Prefer predefined Membrane actions over raw proxy requests whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest describes a CRM-style LMNT integration, but the body of the skill describes a different LMNT domain and generic API/connection behavior. This mismatch can cause an agent or user to invoke the skill under false assumptions, potentially exposing or modifying unrelated external data through a connection that is broader than advertised.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill claims to help manage LMNT data, but it explicitly documents arbitrary proxied HTTP requests, including unrestricted endpoint access. That expands capability far beyond a narrow data-management skill and enables use of raw API calls that bypass the safer, more discoverable action layer the user may expect.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proxy request guidance includes mutating methods such as POST, PUT, PATCH, and DELETE without any warning or confirmation requirement before state-changing operations. In an agent setting, this increases the risk of unintended writes, deletions, or destructive actions against the connected tenant's data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal