Realm

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Realm/Membrane integration, but it gives broad authenticated API access without clear guardrails for data-changing requests.

Install only if you are comfortable letting the agent use a Membrane-authenticated Realm connection. Use a least-privileged account, prefer curated Membrane actions, and require explicit approval before any POST, PUT, PATCH, or DELETE proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The documented connection flow is not constrained to Realm and explicitly allows finding or creating connections for arbitrary apps based on a URL or domain. That materially broadens the skill’s effective capability beyond its stated purpose, increasing the risk that an agent invokes it to access or configure unrelated third-party services under overly generic user requests.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The proxy request feature exposes a generic authenticated HTTP client that supports arbitrary methods, headers, body data, query parameters, and path parameters. In a skill advertised for Realm data interaction, this creates a capability mismatch that could enable broad authenticated actions against connected APIs, including destructive operations or access to endpoints not covered by safer prebuilt actions.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description is broad enough to match many generic requests involving data, records, or automation, which can cause the skill to be selected outside a clearly bounded Realm context. Because the skill also contains broad connection and proxy capabilities, over-triggering meaningfully raises the chance of unintended access or actions.

VirusTotal

65/65 vendors flagged this skill as clean.