Mojotxt

Security checks across malware telemetry and agentic risk

Overview

This is a plausible MojoTxt integration, but it gives broad authenticated access to live SMS/customer data with unclear scope and weak safeguards for write or delete actions.

Install only if you trust Membrane and intend to connect a MojoTxt account. Limit use to SMS-related MojoTxt tasks, prefer discovered Membrane actions over raw proxy calls, and require explicit user confirmation before any POST, PUT, PATCH, DELETE, message-sending, campaign, contact, number, or bulk operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The manifest advertises CRM-style objects such as Persons, Organizations, Deals, Leads, and Projects, but the body describes an SMS marketing platform with very different entities and also enables arbitrary API proxying. This mismatch can cause an agent to invoke the skill in the wrong contexts and perform unintended operations against a live external service.

Intent-Code Divergence

Medium, 96% confidence
Finding
The file contains contradictory descriptions of what the skill is for, which undermines safe tool selection and user intent matching. In an agent setting, inconsistent documentation increases the chance of querying, creating, updating, or deleting data in the wrong system because the operator believes the skill manages different resources than it actually does.

Vague Triggers

Medium, 88% confidence
Finding
The invocation guidance is broad enough that an orchestrator may route many generic 'MojoTxt data' requests to this skill without distinguishing read-only from high-risk write operations. Because the skill also documents discovery and proxy mechanisms, overbroad selection increases the chance of unnecessary access or unintended state changes.

Missing User Warnings

Medium, 97% confidence
Finding
The skill explicitly instructs direct HTTP proxy requests and lists mutating methods including POST, PUT, PATCH, and DELETE, but does not warn that these can modify or permanently remove remote data. In an agent environment, this materially raises the risk of accidental destructive actions because raw requests bypass the guardrails of curated actions and make arbitrary API access easy.

VirusTotal

63/63 vendors flagged this skill as clean.
