Sidetracker

Security checks across malware telemetry and agentic risk

Overview

The skill looks like a real Sidetracker/Membrane integration, but it gives broad account-changing access without clear guardrails and its advertised scope is inconsistent.

Install only if you intend to let an agent operate on your Sidetracker account through Membrane. Use the least-privileged account available, review the Membrane connection permissions, and require explicit approval before any create, update, or delete action, especially raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (96% confidence)
Finding:
The manifest describes managing Organizations, Projects, Pipelines, Users, Goals, and Filters, while the body documents a time-tracking model of Tasks, Task Notes, Projects, Tags, and Timers. This mismatch can cause an agent to invoke the skill in the wrong contexts and operate under false assumptions about available data and actions, increasing the chance of unintended queries or modifications in an external system.

Intent-Code Divergence

Medium (94% confidence)
Finding:
The file presents Sidetracker as a time-tracking integration, but the manifest advertises a substantially different resource model. In a tool-selection pipeline, inconsistent identity and capability claims can misroute user requests and lead an agent to perform actions against the wrong connection or with incorrect expectations about the remote API surface.

Vague Triggers

Medium (87% confidence)
Finding:
The invocation description is broad enough to match many generic requests about Sidetracker data, without constraining when the skill should or should not be used. Overbroad routing increases the risk of the agent selecting this skill for ambiguous prompts and then taking unnecessary external actions, especially because the skill supports authenticated network operations.

Missing User Warnings

Medium (97% confidence)
Finding:
The skill instructs the agent to use a generic proxy mechanism with GET, POST, PUT, PATCH, and DELETE against the Sidetracker API, but does not warn that these operations may create, modify, or delete remote data. In an agent setting, exposing raw mutating request capability without clear safeguards materially raises the risk of unintended destructive changes to a live third-party account.

VirusTotal

65/65 vendors flagged this skill as clean.