Overloop

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a business-app integration, but its app identity and raw mutation authority are under-scoped enough that users should review it before installing.

Install only if you are comfortable granting an agent authenticated access to the connected business app. Verify that the skill really targets Overloop, confirm the connection domain before authenticating, and require explicit approval before any create, update, or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata and body describe materially different product capabilities, which can mislead an agent into invoking incorrect actions or operating on the wrong data model. In a security-sensitive integration, this kind of scope confusion increases the chance of unintended reads, writes, or unsafe fallback behavior when the documented targets do not match the declared app.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documentation claims to be for Overloop but links to Salesloft docs and recommends generic connection bootstrapping that can create connectors for arbitrary apps. This weakens app-boundary guarantees and could cause an agent to authenticate to or operate against an unintended third-party service, expanding access beyond the declared skill scope.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly documents raw proxy requests with POST, PUT, PATCH, and DELETE without requiring user confirmation, safety checks, or warnings about side effects. In an agent setting, that can enable silent destructive or high-impact mutations against external systems if the model chooses the proxy path incorrectly or too eagerly.

VirusTotal

65/65 vendors flagged this skill as clean.
