ClawHub

Marketing Master Io

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Marketing Master IO integration, but it grants broad authenticated API and connector-building authority without clear limits or confirmation safeguards.

Review before installing. Use only with a least-privileged Marketing Master IO account, prefer discovered Membrane actions over raw proxy requests, require explicit approval before POST/PUT/PATCH/DELETE calls, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill’s declared purpose is a Marketing Master IO integration for CRM-style entities, but the body mixes in generic connector guidance and inconsistent domain concepts like campaigns, ad sets, and reports. That mismatch can cause an agent to use the skill outside its intended scope, increasing the chance of incorrect tool selection, overbroad access, or unintended operations against the wrong service surface.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The instructions say that if no app is found, one is created and a connector is built automatically, which materially broadens the skill from a Marketing Master IO integration into a general connector bootstrapper. In an agent setting, this can enable access to arbitrary third-party systems under the guise of this skill, defeating least privilege and making misuse or accidental expansion of authority much more likely.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The generic authenticated proxy request feature allows arbitrary paths and HTTP methods, which goes far beyond a narrowly defined action-based integration. In context, this gives the agent a broad raw API capability that can bypass safer prebuilt actions, making destructive requests, data exfiltration, or access to undocumented endpoints more feasible if the agent is prompted adversarially or behaves incorrectly.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger description is so broad that many generic requests involving Marketing Master IO data could invoke this skill, even when a narrower or safer capability would be more appropriate. Overbroad routing increases the chance that the agent enters a high-authority workflow unnecessarily, which is more dangerous here because the skill also exposes generic connection and proxy behaviors.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal