Rockset

Security checks across malware telemetry and agentic risk

Overview

This Rockset skill is not malicious, but it should be reviewed because it grants broad authenticated Rockset and proxy access beyond its narrow summary.

Install only if you trust Membrane and intend to let the agent operate against your Rockset environment. Use least-privilege Rockset/Membrane permissions, prefer listed Membrane actions over raw proxy requests, require explicit approval for write/delete/admin/full-URL requests, and revoke or remove stored Membrane credentials when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
92% confidence
Finding
The manifest frames the skill as limited to managing Collections, Queries, Views, and Workspaces, but the body documents broader Rockset administration over account-, user-, organization-, role-, integration-, and API key-related objects. This scope mismatch can mislead users and downstream policy systems into granting or invoking a skill with more privilege than its declared purpose suggests.

Description-Behavior Mismatch

Medium
97% confidence
Finding
The proxy section allows direct requests beyond Rockset-specific operations and explicitly states that full URLs may be used as-is. That turns a Rockset integration into a generic authenticated HTTP proxy, which can enable unintended access to arbitrary external endpoints, bypass skill scoping, and increase the blast radius of prompt injection or operator error.

VirusTotal

63/63 vendors flagged this skill as clean.