Openapi Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane CLI skill for using OpenAPI Generator, with some broad API/proxy capability that users should approve carefully.

Install only if you trust Membrane and the npm CLI package. Prefer discovered Membrane actions where possible, and review any direct proxy request carefully, especially POST, PUT, PATCH, or DELETE operations, because those can change remote service state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The skill is presented as a narrowly scoped OpenAPI Generator integration, but its instructions actually enable creation of generic Membrane connections, discovery of arbitrary actions, and raw request forwarding. This scope mismatch can cause the agent to invoke the skill for tasks far beyond OpenAPI Generator, expanding access and creating a confused-deputy risk where broad external actions are taken under a misleadingly specific label.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding:
The raw proxy section allows direct HTTP requests through Membrane with custom method, headers, body, query, and path parameters, which is materially broader than the stated OpenAPI Generator purpose. In an agent setting, this creates a powerful generic egress channel that can reach unintended endpoints or perform unsafe operations if the model is prompted ambiguously or adversarially.

Vague Triggers

Medium
Confidence: 90%
Finding:
The description uses broad phrases like "managing data" and "automating workflows", which can cause over-triggering for unrelated user requests. In practice, that increases the likelihood that the agent selects this skill in contexts where its broad connection and proxy features are inappropriate, leading to unintended external actions.

VirusTotal

62/62 vendors flagged this skill as clean.