ClawHub

Phrase

Security checks across malware telemetry and agentic risk

Overview

This Phrase skill is a legitimate integration, but it gives broad authenticated access that can change live Phrase data without clear built-in guardrails.

Install only if you are comfortable giving Membrane delegated access to your Phrase account. Use a least-privileged Phrase account where possible, review the target project or organization before any write, require explicit confirmation for create/update/delete or proxy requests, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description is very broad ('Use when the user wants to interact with Phrase data') and does not constrain scope to read-only vs. mutating tasks, specific resources, or required confirmation before writes. In an agent setting, broad activation increases the chance the skill is selected for ambiguous prompts and then used to access or modify remote Phrase organization data without sufficient user intent validation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation lists create and update actions for projects, locales, keys, translations, and jobs without warning that these operations change live remote data. In a tool-using agent, omission of mutation warnings can cause unintended writes to production localization resources, especially when a user asks exploratory questions and the agent escalates from listing to editing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proxy request section permits arbitrary paths, HTTP methods, headers, and bodies while emphasizing convenience, but it does not warn that POST, PUT, PATCH, and DELETE can perform destructive operations against the Phrase API. Because proxying also injects authentication automatically, this effectively gives an agent a generic authenticated API client that could alter or delete organization data if prompted or confused.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal