Sesame

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed because it connects an agent to sensitive Sesame data while its documented product/API scope is inconsistent and too broad.

Install only after confirming this is the exact Sesame product and API you intend to use. Connect a least-privileged account, prefer discovered/read-only Membrane actions, and require explicit user approval before any POST, PUT, PATCH, DELETE, or raw proxy request. Review and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill claims to integrate with Sesame HR data, but its documented objects and official docs URL point to unrelated security/Vault-style resources. This mismatch can mislead an agent into invoking the wrong integration or sending sensitive HR-related requests to an unintended API surface, creating a real risk of data exposure, corruption, or unsafe operations under false assumptions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill explicitly supports running arbitrary actions and proxying direct API requests against HR-related SaaS data, yet it provides no explicit guardrails about destructive operations, sensitive employee data access, or the need for user confirmation. In this context, an agent could retrieve confidential personnel information or perform state-changing operations without adequate notice or consent, making the risk materially higher.

VirusTotal

65/65 vendors flagged this skill as clean.