ClawHub

Plaid

Security checks across malware telemetry and agentic risk

Overview

This Plaid skill is coherent and not deceptive, but it gives an agent broad authenticated access to sensitive financial data and raw API requests without enough built-in user-control guardrails.

Install only if you intentionally want an agent to use an authenticated Plaid connection through Membrane. Before any sensitive read, export, payment, recipient change, write, delete, or raw proxy request, require the agent to show the exact action or endpoint, method, parameters, and request body, and use the narrowest Plaid/Membrane permissions available. Revoke the connection when the task is finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly enables access to bank-account, identity, payment, and transaction data but does not instruct the agent to obtain explicit user confirmation or warn about the sensitivity of financial information before use. In a financial context, omission of consent and sensitivity warnings increases the risk of over-collection, unintended disclosure, or acting on highly sensitive records without sufficiently clear authorization.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The proxy-request section encourages direct API requests to Plaid through Membrane without an explicit warning that request paths, headers, query parameters, and bodies may contain highly sensitive financial or personal data. Because this bypasses safer pre-built actions and can transmit arbitrary payloads to an external financial service, misuse could expose banking, identity, or payment information more easily than the structured action flow.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal