Semaphore

Security checks across malware telemetry and agentic risk

Overview

This Semaphore skill is a real integration, but it grants broad authenticated CI/CD access that is not clearly scoped in its description.

Review before installing. Use a low-privilege Semaphore account or limited workspace, avoid raw proxy write/delete requests unless you explicitly requested them, confirm any deployment, secret, user, team, repository, or organization change before execution, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The manifest and invocation text present the skill as narrowly focused on managing organizations, but the body of the skill enables access to projects, deployments, secrets, users, teams, repositories, and arbitrary proxied API endpoints. This scope mismatch can cause an orchestrating agent or user to invoke the skill under false assumptions, leading to overbroad actions and unintended data access or modification.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The proxy request section authorizes arbitrary paths and HTTP methods, including POST, PUT, PATCH, and DELETE, which materially expands the skill beyond curated actions. In an agent setting, this creates a generic authenticated API tunnel that can be used to modify or delete Semaphore resources, bypassing safer higher-level action constraints.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The invocation description is broad enough that an agent may match this skill for many requests involving Semaphore data, despite the skill supporting powerful write and proxy capabilities. Overbroad routing increases the chance the skill is selected in contexts where the user expected limited lookup behavior, resulting in unnecessary access to sensitive resources or unintended mutations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation presents direct API requests with destructive HTTP verbs as normal usage but does not prominently warn that these operations can change or delete remote CI/CD configuration, secrets, deployments, or related resources. In practice, this lowers friction for unsafe agent behavior and can lead to irreversible modifications in production-integrated systems.
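The two findings above (the generic authenticated proxy tunnel, and the absence of a warning before destructive verbs) have the same practical fix on the orchestrator side: do not hand the raw proxy tool to the agent unguarded, put a policy gate in front of it. The gate below is an added example written for this page, not code from the Semaphore skill, Membrane, or SkillSpector. It assumes the skill exposes a raw proxy tool taking a method and a path, and that the orchestrator can pause to ask the user for confirmation; the `/api/v1/...` route patterns are illustrative assumptions, not documented Semaphore endpoints. Reads are allowed only on an allowlist matching the skill's stated scope (organization management), every mutating verb requires explicit confirmation and comes with the warning the documentation omits, and DELETE is never proxied at all.

```python
"""Policy gate for a raw API proxy tool exposed by an agent skill.

Added example, not the Semaphore skill's own code. The route patterns and
resource names below are assumptions chosen to illustrate the policy.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote, urlsplit

SAFE_METHODS = frozenset({"GET", "HEAD"})
MUTATING_METHODS = frozenset({"POST", "PUT", "PATCH"})
# Irreversible verbs never go through the raw proxy; a curated, reviewed
# action with its own checks has to handle them instead.
FORBIDDEN_METHODS = frozenset({"DELETE"})

# Read-only endpoints the skill's *stated* purpose (organization management)
# actually needs. Assumed patterns; replace with the real API surface in use.
READ_ALLOWLIST = tuple(re.compile(p) for p in (
    r"^/api/v1/organizations$",
    r"^/api/v1/organizations/[A-Za-z0-9._-]+$",
    r"^/api/v1/organizations/[A-Za-z0-9._-]+/(members|projects)$",
))

# Resource classes the overview says must be confirmed before any change,
# keyed by the substring that identifies them in a path (assumed naming).
SENSITIVE = {
    "deployment": "deployments", "secret": "secrets", "user": "users",
    "team": "teams", "repositor": "repositories",
    "organization": "organization settings", "project": "projects",
}


@dataclass(frozen=True)
class Decision:
    allow: bool
    needs_confirmation: bool
    reason: str


def normalize_path(raw: str) -> Optional[str]:
    """Canonical absolute path, or None if the path is malformed or evasive.

    Query string and fragment are stripped for matching; the gate must pass the
    returned path (not the raw input) to the proxy so what was checked is what
    is sent.
    """
    parts = urlsplit(raw)
    if parts.scheme or parts.netloc:          # full URL: attempt to redirect the proxy
        return None
    path = unquote(parts.path)                # defeat %2e%2e / %2f encodings
    if not path.startswith("/") or "\\" in path or "\x00" in path:
        return None
    segments = [s for s in path.split("/") if s not in ("", ".")]
    if ".." in segments:                      # traversal out of the allowlisted prefix
        return None
    return "/" + "/".join(segments)


def describe_risk(method: str, path: str) -> str:
    """The warning the skill documentation omits: what this call can change."""
    lowered = path.lower()
    label = next((name for key, name in SENSITIVE.items() if key in lowered),
                 "Semaphore resources")
    return (f"{method} {path} will change live CI/CD state ({label}) through an "
            f"authenticated proxy call; confirm only if you requested this change")


def evaluate(method: str, raw_path: str, confirmed: bool = False) -> Decision:
    """Decide whether a proxied call may be sent, and whether to ask the user first."""
    method = method.upper()
    path = normalize_path(raw_path)
    if path is None:
        return Decision(False, False, f"malformed or evasive path: {raw_path!r}")
    if method in FORBIDDEN_METHODS:
        return Decision(False, False, f"{method} is never proxied; use a curated action")
    if method in SAFE_METHODS:
        if any(p.match(path) for p in READ_ALLOWLIST):
            return Decision(True, False, "read within the skill's stated scope")
        return Decision(False, False, f"read outside stated scope: {path}")
    if method in MUTATING_METHODS:
        if not confirmed:
            return Decision(False, True, describe_risk(method, path))
        return Decision(True, False, f"{method} {path} explicitly confirmed by user")
    return Decision(False, False, f"unsupported method {method}")


if __name__ == "__main__":
    # Constructed sample requests, as an agent might emit them.
    for m, p in (("GET", "/api/v1/organizations/acme/members"),
                 ("GET", "/api/v1/organizations/%2e%2e/secrets"),
                 ("POST", "/api/v1/secrets"),
                 ("DELETE", "/api/v1/projects/p1")):
        d = evaluate(m, p)
        print(f"{m:6} {p:45} allow={d.allow} confirm={d.needs_confirmation} {d.reason}")
```

When `needs_confirmation` is set, the orchestrator shows `reason` to the user and only re-invokes `evaluate(..., confirmed=True)` on an explicit yes; the agent never gets to supply that flag itself. The read allowlist is deliberately narrower than the skill's full capability so that the "Vague Triggers" routing problem costs nothing: a mis-routed lookup of secrets or deployments is simply denied.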

VirusTotal

63 of 63 vendors reported this skill as clean. Note that a clean file verdict says nothing about the scope or behaviour issues listed above; those are design properties of the skill, not malware signatures.