Vies Api

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane-based VIES/VAT API helper, with normal external API and delegated-login risks but no artifact-backed malicious behavior.

Install only if you trust Membrane and are comfortable using its CLI and delegated login. Prefer listed Membrane actions over raw proxy requests, verify the provider/domain before authenticating, and require explicit user intent before sending VAT numbers, company data, headers, or any non-GET request through the proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill is presented as a VAT-validation integration, but it explicitly exposes a generic proxy capable of sending arbitrary HTTP requests, including mutating methods like POST, PUT, PATCH, and DELETE. This creates a scope mismatch: an agent or user may invoke operations far beyond simple validation, increasing the chance of unintended state changes or misuse under the guise of a narrowly scoped validation tool.

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The documentation frames the service as a VAT-number validation tool, yet later instructions authorize generic mutating methods and broader workflow automation. That mismatch is dangerous because users and downstream agents may trust the skill as low-risk verification-only functionality while it actually enables broader API interactions that can alter external state.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation text says the skill can 'manage data, records, and automate workflows,' which is much broader than VAT-number validation and can cause the orchestrator to select this skill for generic business-data tasks. Combined with the proxy and action-running guidance, this broad trigger surface increases the chance of overreach, unintended API calls, or use outside the user's expected scope.

VirusTotal

62/62 vendors flagged this skill as clean.
