Npm

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent npm integration, but it hands an agent the full authority of an authenticated npm account, proxied through Membrane, with no guardrails on state-changing operations.

Install only if you trust Membrane and want an agent to work with an authenticated npm account. Prefer read-only queries, pin or review the CLI before installing it globally, use the least-privileged npm account or token available (a read-only, package-scoped granular token where possible), and require explicit human approval before any publish, unpublish, ownership, organization, token, billing, or settings change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Severity: Medium. Confidence: 88%.
The skill is framed as an npm integration, but its documented capabilities extend to generic workflow automation and unrestricted proxied API usage. This scope mismatch can cause an agent to invoke the skill for actions beyond narrowly justified npm data access, increasing the chance of unintended external interactions or abuse through overbroad tool selection.

Context-Inappropriate Capability

Severity: Medium. Confidence: 95%.
The skill exposes a raw HTTP proxy primitive that accepts arbitrary paths, headers, body data, and query parameters, and mutating methods such as POST, PUT, PATCH, and DELETE. This gives the agent a low-level capability that bypasses the scoping and safety benefits of curated actions: any request the registry accepts can be issued if the skill is selected inappropriately or its inputs are shaped by prompt injection.
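The guardrail the overview calls for can be made concrete. The following JavaScript is an added example, not code from the SkillSpector report, Membrane, or the npm skill: a policy gate placed between the agent and a raw proxy primitive. Read-only registry lookups pass by allowlist, mutating methods are held for a human approval bound to the exact method and path, token, account and org endpoints are refused outright, and requests that try to steer the proxy off the registry or supply their own credential headers are dropped. The request shape (`method`, `path`, `headers`, `query`), the allowlist, the denylist and the `approvals` set are assumptions; the `/-/v1/search`, `/-/whoami`, `/-/npm/v1/tokens`, `/-/npm/v1/user` and `/-/org/` routes are public npm registry endpoints used for illustration, and the sample requests are constructed.

```javascript
// Added example: a policy gate in front of a raw HTTP proxy primitive.
// Not part of the SkillSpector report, Membrane, or the npm skill; the
// request shape { method, path, headers, query, body }, the allow/deny
// lists and the approval mechanism are assumptions of this example.

const READ_ONLY_METHODS = new Set(['GET', 'HEAD']);

// Registry-relative paths the agent may read without approval. Package and
// version documents are matched generically; the registry's own API namespace
// (/-/...) is excluded from the generic patterns and opened up route by route.
const READ_PATH_ALLOWLIST = [
  /^\/(@[^/]+\/)?[^/@-][^/]*$/,          // package document: /react, /@scope/name
  /^\/(@[^/]+\/)?[^/@-][^/]*\/[^/]+$/,   // one version: /react/18.2.0
  /^\/-\/v1\/search$/,                   // search (parameters travel in req.query)
  /^\/-\/whoami$/,                       // which account the token belongs to
];

// Endpoints never reachable through the proxy, approved or not: token
// minting, account settings and org membership stay with a human at the CLI.
const DENY_PATH_PATTERNS = [
  /^\/-\/npm\/v1\/tokens/,
  /^\/-\/npm\/v1\/user/,
  /^\/-\/org\//,
];

// approvals: Set of "METHOD /path" strings a human has explicitly granted.
function evaluateProxyRequest(req, approvals = new Set()) {
  const method = String(req.method || 'GET').toUpperCase();
  const path = String(req.path || '');

  // An arbitrary-path proxy must not be steerable to another host: reject
  // absolute URLs (scheme://host/...) and protocol-relative paths (//host/...).
  if (!path.startsWith('/') || path.startsWith('//')) {
    return { allowed: false, reason: 'path must be registry-relative' };
  }

  // Membrane attaches the account's credentials itself; caller-supplied
  // credential headers could arrive via prompt injection and swap identities.
  const headerNames = Object.keys(req.headers || {}).map((h) => h.toLowerCase());
  if (headerNames.includes('authorization') || headerNames.includes('cookie')) {
    return { allowed: false, reason: 'caller may not supply credential headers' };
  }

  if (DENY_PATH_PATTERNS.some((re) => re.test(path))) {
    return { allowed: false, reason: 'token, account and org endpoints are off-limits' };
  }

  if (READ_ONLY_METHODS.has(method)) {
    return READ_PATH_ALLOWLIST.some((re) => re.test(path))
      ? { allowed: true, reason: 'read-only registry query' }
      : { allowed: false, reason: 'read path not in allowlist' };
  }

  // POST, PUT, PATCH, DELETE (publish, unpublish, dist-tag changes, ...) need
  // a human approval bound to this exact method and path, so an approval
  // granted for one publish cannot be replayed against another package.
  const key = `${method} ${path}`;
  if (approvals.has(key)) {
    return { allowed: true, reason: `mutation approved by human: ${key}` };
  }
  return { allowed: false, needsApproval: key, reason: `mutation requires explicit approval: ${key}` };
}

// Constructed sample requests (not captured from any real session).
const SAMPLE_REQUESTS = [
  { method: 'GET', path: '/react' },
  { method: 'GET', path: '/-/v1/search', query: { text: 'left-pad' } },
  { method: 'PUT', path: '/my-package' },                           // publish
  { method: 'DELETE', path: '/my-package/-rev/1-abc' },             // unpublish
  { method: 'POST', path: '/-/npm/v1/tokens' },                     // mint a token
  { method: 'GET', path: 'https://attacker.example/collect' },      // off-registry
  { method: 'GET', path: '/react', headers: { Authorization: 'Bearer npm_x' } },
];

for (const req of SAMPLE_REQUESTS) {
  const verdict = evaluateProxyRequest(req);
  console.log(`${req.method} ${req.path} -> ${verdict.allowed ? 'ALLOW' : 'BLOCK'} (${verdict.reason})`);
}
```

The gate is deliberately fail-closed: a read that is not on the allowlist is blocked rather than passed through, and a mutation is only released when the `needsApproval` key it returns has been placed in `approvals` by a person. Keying approvals on method plus path rather than on a boolean is what keeps a single "yes" from covering every later publish in the same session.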

Vague Triggers

Severity: Medium. Confidence: 84%.
The manifest says to use the skill when the user wants to interact with npm data, which is broad enough to trigger the skill in many ambiguous situations. Overly broad routing language increases the likelihood that an agent selects this skill when a narrower or safer tool would be more appropriate, especially given the skill's generic proxy capabilities.

VirusTotal

0 of 65 vendors flagged this skill as malicious. Antivirus engines match known malware signatures and behaviour; a clean result says nothing about the prompt-injection and excessive-agency risks described in the findings above.