Sendloop

Security checks across malware telemetry and agentic risk

Overview

The skill is a plausible Sendloop integration, but it gives an agent broad authenticated request power without clear safety limits.

Install only if you trust Membrane and this publisher with your Sendloop account. Prefer Membrane's pre-built Sendloop actions, avoid full-URL proxy requests, and require explicit user approval before creating, updating, deleting, importing, or sending campaign-related data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly permits passing a full URL to the proxy request command, which breaks the stated Sendloop-only boundary and enables arbitrary outbound requests under the agent's authenticated execution context. That can be abused for SSRF-like behavior, data exfiltration, or interacting with unrelated third-party/internal services not implied by the skill scope.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The proxy feature allows arbitrary HTTP methods and endpoints, which materially expands the capability of the skill beyond Sendloop integration into a general-purpose network client. In an agent setting, this creates a dangerous gap between the declared purpose and actual power, enabling unexpected destructive actions or requests to unintended targets.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation normalizes direct proxy requests with unsafe methods including DELETE without any warning, approval step, or safety constraints. In a tool-using agent, that increases the risk of accidental or prompt-induced destructive operations against user Sendloop resources or other reachable endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.
