Mslm Cloud

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Mslm Cloud integration, but it gives an agent broad authenticated access that could change or delete cloud data without enough documented safeguards.

Install only if you are comfortable granting Membrane-mediated access to the relevant Mslm Cloud account. Use a least-privileged account or connection, confirm the exact endpoint and payload before any write/delete/share/user-management action, prefer curated Membrane actions over raw proxy requests, and consider pinning the CLI version instead of using latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 92%

Finding: The manifest advertises a narrow scope of managing users and organizations, but the body documents much broader capabilities including files, folders, shared links, and arbitrary proxied API requests. This scope mismatch can mislead routing, review, and user consent, causing the skill to be invoked in situations where it can perform far more powerful actions than expected.

Intent-Code Divergence

Severity: Medium
Confidence: 83%

Finding: The skill documentation materially contradicts the manifest by describing a cloud storage platform and broader resource access while the manifest frames the skill as limited administrative management. Such contradictions increase the chance of operator misunderstanding and unsafe use, especially where access to stored files and sharing functions carries higher sensitivity than user-directory management.

Vague Triggers

Severity: Medium
Confidence: 80%

Finding: The invocation description is broad enough that an orchestrator may select this skill for generic cloud-data tasks, not just this specific service. Because the skill can establish connections and issue direct API requests, over-broad triggering could lead to unintended access or modification of remote data under the wrong context.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The proxy-request section enables arbitrary direct API calls, including state-changing methods like POST, PUT, PATCH, and DELETE, but does not warn users or agents about the risk of destructive operations. In this context, the feature bypasses safer curated actions and materially increases the chance of unauthorized, accidental, or overly broad changes to remote data.

VirusTotal

62/62 vendors flagged this skill as clean.