Northflank

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Northflank integration, but it gives an agent broad authenticated DevOps control without enough guardrails for high-impact changes.

Install only if you are comfortable giving Membrane-mediated access to your Northflank account. Use a least-privileged Northflank role, review the Membrane connection permissions, and require explicit confirmation before any create, update, delete, deployment, team, user, or secret-related action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding: The manifest description says the skill is for interacting with Northflank data, but the document supports much broader operational capabilities such as managing projects, users, teams, deployments, and secrets. That mismatch can cause the orchestrator or user to underestimate the skill's authority and invoke it in contexts where write-capable administrative actions are possible.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The proxy request section enables arbitrary authenticated API requests through Membrane, which is materially broader than a simple data interaction skill. This creates a hidden generic API execution path that could be used to modify, delete, or access sensitive Northflank resources without the manifest clearly disclosing that level of power.

Vague Triggers

Medium
Confidence: 84%
Finding: The invocation description is broad enough that an agent may select this skill for generic Northflank-related requests without distinguishing between harmless queries and privileged administrative operations. Because the skill can manage projects, users, teams, and direct API calls, over-broad triggering increases the chance of unintended high-impact actions.

Missing User Warnings

Medium
Confidence: 93%
Finding: The proxy request capability is documented as a fallback but does not prominently warn that it can perform direct authenticated operations against the remote Northflank API. In this context, the absence of a mutation warning is dangerous because users or higher-level agents may assume requests are informational when they can actually alter deployments, secrets, teams, or other production resources.

VirusTotal

65/65 vendors flagged this skill as clean.