Postman

Security checks across malware telemetry and agentic risk

Overview

This Postman skill appears legitimate, but it gives an agent broad authenticated control over Postman resources beyond the narrow workspace-focused description.

Review before installing. Use this only if you are comfortable connecting an agent to Postman through Membrane. Prefer named Membrane actions, require explicit confirmation for create/update/delete/merge/bulk operations, and avoid raw proxy requests unless you know the exact endpoint, method, and payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest says the skill is for managing Postman workspaces, but the body documents much broader capabilities including APIs, mocks, monitors, environments, collections, and generic proxy requests. This scope mismatch can mislead users or higher-level policy systems into granting or invoking broader functionality than expected, increasing the chance of unauthorized or unsafe actions.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The proxy request feature allows arbitrary requests to Postman API endpoints with multiple HTTP methods, which materially exceeds the stated workspace-management scope. In an agent setting, this can enable unreviewed access to modify or delete resources beyond user expectations because authentication is automatically applied.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation highlights create and update actions for multiple Postman resource types without warning that these operations change user data. In an agent-driven workflow, lack of mutation warnings can cause accidental edits, creation of unwanted assets, or overwriting existing configurations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The proxy request section documents arbitrary HTTP access but does not warn that methods like POST, PUT, PATCH, and DELETE can perform destructive operations. Because Membrane injects authentication automatically, an agent could send high-impact mutating requests with little friction or visibility to the user.

VirusTotal

65/65 vendors flagged this skill as clean.
