Wix

Security checks across malware telemetry and agentic risk

Overview

This Wix skill is not malicious, but it gives an agent broad live Wix authority, including raw API calls and permanent product deletion, without enough safety guardrails.

Install only if you trust Membrane and intend to let an agent operate on live Wix business data. Use the least-privileged Wix account available, verify OAuth scopes, require explicit approval before create/update/delete or proxy requests, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest frames the skill as managing Wix Stores, but the body expands scope to CRM contacts and arbitrary proxied Wix API access. This mismatch can cause an agent or user to authorize and use broader capabilities than expected, increasing the chance of over-privileged access and unintended data operations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents a permanent destructive operation (delete-product) without requiring confirmation or warning about irreversible effects. In an agent setting, this raises the risk of accidental or overly broad deletion of live catalog data due to prompt misunderstanding or automation errors.

Missing User Warnings

Medium
Confidence: 95%
Finding
The raw proxy feature enables direct requests to arbitrary Wix API endpoints with authenticated context, but the skill provides no warning about modifying production data or bypassing safer high-level actions. This substantially increases the chance of unintended writes, privilege overreach, and use of unreviewed endpoints against live systems.

VirusTotal

51/51 vendors flagged this skill as clean.
