Melo

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because its Melo service identity is inconsistent while it grants authenticated API access.

Install only if you can verify the exact Melo product and account this should connect to. During use, prefer discovered Membrane actions, review authentication prompts carefully, and require explicit confirmation before any custom proxy request or create, update, or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence: 95%
Finding
The skill claims to integrate with Melo data for organizations, pipelines, users, goals, and filters, but the body describes a different product focused on audio clips with a different object model. This kind of cross-service confusion can cause an agent to select incorrect actions, send data to the wrong backend, or mis-handle sensitive records under false assumptions about what service is being accessed.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The connection flow tells the agent to ensure a connection to https://www.melo.io/ while the documentation points to docs.melodrive.com, indicating the skill may connect users to a different domain than the documented service. In an agent setting, mismatched domains are dangerous because they can direct authentication and API traffic to the wrong tenant or even an attacker-controlled lookalike if the discrepancy is not caught.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill exposes a generic authenticated proxy request mechanism without requiring confirmation or warning that direct API calls may create, update, or delete remote data. This increases the risk of unsafe agent behavior because an LLM can fall back to arbitrary raw requests and perform high-impact operations outside curated action schemas.

VirusTotal

64/64 vendors flagged this skill as clean.
