ClawHub

Senta

Security checks across malware telemetry and agentic risk

Overview

This Senta skill is not overtly malicious, but it gives an agent broad authenticated access to sensitive live CRM data without clear enough scope or safety checks.

Install only if you trust Membrane and have verified this is the intended Senta service. Use a least-privileged account, review the global CLI install, and require explicit approval before any write, delete, payment, billing, user, role, permission, document, or subscription action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documented connection flow is not constrained to Senta and explicitly allows creating a connector for an arbitrary app when no known match is found. In a skill advertised as a Senta integration, this expands the trust boundary and could let the agent interact with unintended third-party systems, increasing the risk of data exfiltration or unauthorized actions outside the user’s expected scope.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The proxy request section gives the skill a generic authenticated HTTP capability, including state-changing methods like POST, PUT, PATCH, and DELETE. That is much broader than narrowly scoped Senta actions and can be used to reach arbitrary endpoints exposed through the connection, enabling destructive changes or bulk data access with little guardrail.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill describes direct API requests and mutating operations without prominent warnings, confirmation requirements, or safety boundaries around user data. In a CRM/legal context, this is more dangerous because records, documents, notes, and workflows may contain sensitive client information and irreversible business changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal