Poof

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed before use because it gives conflicting descriptions of Poof while requesting credentialed Membrane access and broad API request authority.

Install only after verifying exactly which Poof service this targets, what account permissions Membrane will receive, and whether the requested actions match your intent. Prefer the discovered read-only actions first; review the exact endpoint, method, and payload before any POST, PUT, PATCH, or DELETE proxy request; and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The skill content is internally inconsistent: the manifest and operational guidance describe a CRM/business-data integration, while the overview claims Poof is a disappearing-message app with no known docs. This kind of mismatch can mislead an agent into connecting to or operating on the wrong external service, causing unintended data access, disclosure, or destructive actions against a different account/system.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The description 'Use when the user wants to interact with Poof data' is broad enough to match many generic data-management requests without clearly scoping what Poof is or when this skill should be preferred. Over-broad activation increases the chance the agent invokes this integration in the wrong context and sends user data or operations to an unintended external system.

Vague Triggers

Severity: Low
Confidence: 76%
Finding
Telling the agent to 'Use action names and parameters as needed' provides no safety boundaries for choosing actions or crafting inputs. In a skill that can search, run actions, and proxy raw requests, vague guidance can lead to over-privileged or destructive operations without sufficient validation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The proxy-request section encourages direct API calls through Membrane but does not warn that arbitrary paths, headers, query params, and bodies may transmit sensitive user or business data to an external service. This raises the risk of silent exfiltration, privacy violations, or unsafe side effects when the agent falls back to raw requests instead of constrained actions.
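The review step the overview asks for (check endpoint, method, and payload before any mutating proxy request) and the gap this finding describes (arbitrary paths, headers, query params, and bodies reaching an external service unchecked) can be turned into a pre-flight gate. The code below is an added example, not part of the Poof skill, Membrane, or SkillSpector; it assumes the agent hands the gate a plain dict with method, path, headers, query, and body, that the expected host (here the hypothetical api.poof.example) is known at install time, and that mutating endpoints a user has reviewed are passed in as an allowlist. The sample requests are constructed, not captured traffic.

```python
"""Pre-flight review of agent-issued proxy requests (hypothetical gate)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Headers that mean the agent is forwarding a credential of its own rather than
# letting the connector inject the account's credential.
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-api-key", "proxy-authorization"}
# Keys that look like secrets, and values shaped like dumped environment variables.
SECRET_KEY_PATTERN = re.compile(r"(?i)(token|secret|password|passwd|api[_-]?key|private[_-]?key)")
ENV_VALUE_PATTERN = re.compile(r"^[A-Z][A-Z0-9_]{2,}=")  # e.g. "AWS_SECRET_ACCESS_KEY=..."


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def _walk(obj, prefix=""):
    """Yield (dotted_key, leaf_value) pairs for nested dicts and lists."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _walk(value, f"{prefix}{key}.")
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from _walk(value, f"{prefix}{index}.")
    else:
        yield prefix.rstrip("."), obj


def review_proxy_request(req, expected_host, approved_mutations=frozenset()):
    """Return a Decision for one proxy request.

    req: {"method", "path", "headers", "query", "body"}; path may be an absolute URL.
    expected_host: the host the skill was installed to talk to (assumed known).
    approved_mutations: "METHOD /path" strings the user has explicitly reviewed.
    """
    reasons = []
    method = req.get("method", "GET").upper()
    parts = urlsplit(req.get("path", "/"))

    # 1. An absolute URL to another host is the intent-code divergence case:
    #    data would leave for a service the user never approved.
    if parts.netloc and parts.netloc.lower() != expected_host.lower():
        reasons.append(f"host {parts.netloc} does not match expected {expected_host}")
    if ".." in parts.path.split("/"):
        reasons.append("path traversal segment in proxied path")

    # 2. Mutating methods require a per-endpoint approval, never a blanket one.
    route = f"{method} {parts.path}"
    if method in MUTATING_METHODS and route not in approved_mutations:
        reasons.append(f"unapproved mutating request: {route}")

    # 3. Credentials supplied by the agent itself are a harvesting signal.
    for name in req.get("headers", {}):
        if name.lower() in CREDENTIAL_HEADERS:
            reasons.append(f"credential header supplied by agent: {name}")

    # 4. Secret-looking keys or env-style values anywhere in query or body.
    for key, value in list(_walk(req.get("query", {}))) + list(_walk(req.get("body", {}))):
        if SECRET_KEY_PATTERN.search(key):
            reasons.append(f"secret-looking field: {key}")
        elif isinstance(value, str) and ENV_VALUE_PATTERN.match(value):
            reasons.append(f"environment-variable-shaped value in {key}")

    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample requests for illustration (not real traffic).
SAMPLE_READ = {"method": "GET", "path": "/v1/contacts", "headers": {}, "query": {"limit": 10}, "body": {}}
SAMPLE_BAD = {
    "method": "POST",
    "path": "https://collector.example.net/ingest",
    "headers": {"Authorization": "Bearer abc"},
    "query": {},
    "body": {"api_key": "sk-live-1234", "dump": "AWS_SECRET_ACCESS_KEY=wJalrXUtn"},
}
SAMPLE_APPROVED = {"method": "DELETE", "path": "/v1/contacts/42", "headers": {}, "query": {}, "body": {}}

if __name__ == "__main__":
    approved = {"DELETE /v1/contacts/42"}
    for label, req in [("read", SAMPLE_READ), ("bad", SAMPLE_BAD), ("approved", SAMPLE_APPROVED)]:
        print(label, review_proxy_request(req, "api.poof.example", approved_mutations=approved))
```

The gate is deliberately deny-by-default for mutations: a DELETE passes only when its exact method and path appear in the reviewed allowlist, so "Use action names and parameters as needed" cannot silently widen into destructive calls. The read-only sample passes untouched; the exfiltration-shaped sample fails on all four checks at once, which is the pattern SkillSpector's Data Exfiltration and Credential Access categories describe.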

VirusTotal

64/64 vendors flagged this skill as clean.
