ClawHub

Moov

Security checks across malware telemetry and agentic risk

Overview

This Moov skill is a coherent payment integration, but it gives agents broad authenticated financial/API authority without clear confirmation guardrails.

Install only if you are comfortable granting Membrane-mediated access to your Moov account. Use least-privileged or sandbox credentials where possible, review the Membrane CLI package/version before installing, and require explicit confirmation of account, amount, endpoint, method, and expected effect before any transfer, payout, delete, or non-GET proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation condition is very broad: 'Use when the user wants to interact with Moov data' could match many loosely related requests involving payments, accounts, transfers, or records. In a payments context, over-triggering this skill increases the chance an agent invokes a high-impact integration inappropriately, potentially exposing financial data or initiating workflows without sufficient user confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes payment, banking, payout, and transfer capabilities without any warning that these operations may be state-changing, sensitive, or irreversible. In a financial integration, omission of such guardrails is dangerous because an agent may treat high-risk operations like ordinary data retrieval and proceed without explicit user acknowledgment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented proxy request feature allows arbitrary authenticated requests to the Moov API, including POST, PUT, PATCH, and DELETE, but provides no user-facing safety warning. This materially expands the agent's power beyond curated actions and can enable unauthorized state changes, destructive operations, or unintended financial activity if used without strict confirmation and endpoint constraints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal