Placid

Security checks across malware telemetry and agentic risk

Overview

This is a mostly normal Placid integration, but it gives broad authenticated API access without clear limits or approval guardrails.

Install only if you trust Membrane and intend to connect a Placid account. Prefer discovered Membrane actions over raw proxy calls, review the exact endpoint and payload before any request, require explicit approval for create/update/delete actions, and revoke the connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest and top-level description frame the skill as managing organizations, but the body documents general-purpose Placid connectivity, action discovery, arbitrary action execution, and raw API proxying. This scope mismatch can mislead an orchestrating agent into invoking the skill in contexts broader than the user intended, increasing the chance of over-privileged access or unintended operations.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The proxy request section enables arbitrary HTTP methods and paths against the Placid API through an authenticated Membrane connection. In a skill advertised for organization management, this effectively exposes a generic authenticated API client, which can be used to access or modify resources outside the declared purpose, amplifying misuse if the skill is invoked too broadly.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation guidance says to use the skill when the user wants to interact with Placid data, which is much broader than the named purpose of managing organizations. Ambiguous trigger boundaries make accidental invocation more likely, especially in agentic systems that route based on descriptions, and can lead to actions being taken in contexts the user did not specifically authorize.

VirusTotal

65/65 vendors flagged this skill as clean.
