R3

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it presents itself as R3/Corda while documenting legal, billing, banking, payment, and permission resources plus broad authenticated action/proxy authority.

Install only after verifying that this is the intended Membrane connector and that the connection maps to the correct R3 service. Use a least-privilege account, confirm scopes and revocation options, and require explicit approval before any create, update, delete, payment, bank/account, role, permission, or raw proxy operation. VirusTotal telemetry was only pending, so the Review verdict is based on artifact-backed scope and identity ambiguity, not malware evidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill claims to integrate with R3, but the resource catalog describes a legal practice management domain that appears unrelated to R3/Corda. This mismatch can cause an agent to connect to or operate on the wrong third-party system, leading to unintended access, data disclosure, or destructive actions against an unrelated tenant.

Intent-Code Divergence

High
Confidence: 95%
Finding
The instructions tell the agent to ensure a connection to https://www.r3.com/ and then imply that arbitrary API proxying can be performed against an 'R3 API,' but the surrounding guidance does not establish that this domain is the correct application endpoint. An agent following these steps could create or reuse a connection for the wrong service and send authenticated requests to an unintended target.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill documents action execution and raw proxy requests without requiring confirmation before operations that may write, delete, or transmit sensitive remote data. In an agent setting, this increases the chance of silent state-changing requests or bulk data exposure when a user intended only read-only assistance.

VirusTotal

63/63 vendors flagged this skill as clean.
