Purple Sonar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Purple Sonar integration, but it gives an agent broad authenticated API power that is wider than its narrow description suggests.

Install only if you trust the publisher and intend to let an agent operate Purple Sonar through Membrane. Use the least-privileged Purple Sonar account available, prefer predefined actions over raw proxy requests, and require explicit confirmation before any create, update, delete, or other non-read operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest advertises a narrow purpose ('Manage Organizations') while the body enables much broader access to Purple Sonar data and even arbitrary proxied API requests. This mismatch can cause over-broad skill invocation and user/operator misunderstanding about the real capability and risk surface of the skill.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation guidance is broad enough that the skill may trigger on vague requests involving Purple Sonar, even when the user did not intend broad data access or management operations. In this context, broad triggering is more dangerous because the skill also exposes action discovery and raw proxy access to an external service.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents a generic proxy mechanism supporting arbitrary endpoints and destructive HTTP methods (POST, PUT, PATCH, DELETE) without guardrails, confirmation requirements, or safety guidance. In a connected enterprise integration, this can enable unintended state changes, data deletion, or administrative actions against the external service.

VirusTotal

64/64 vendors flagged this skill as clean.