Wrk

Security checks across malware telemetry and agentic risk

Overview

This skill is documentation-only and not clearly malicious, but it gives an agent broad authenticated access to live business data without enough guardrails for writes or deletes.

Install only if you trust Membrane and need an agent to operate on the connected Wrk account. Verify the exact service and account before connecting, review the granted permissions, prefer discovered high-level actions, and require explicit approval before any create, update, delete, bulk-change, or raw proxy request.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch (Medium severity, 89% confidence)

Finding:
The skill is presented as a Wrk-specific integration, but the documented `membrane connection ensure` flow can create or bind connectors for arbitrary domains, expanding capability beyond the declared scope. That mismatch increases the chance an agent uses this skill to interact with unintended third-party services, causing overbroad network access and cross-integration misuse.

Context-Inappropriate Capability (Medium severity, 92% confidence)

Finding:
The proxy interface allows arbitrary HTTP paths, methods, headers, query parameters, and request bodies, effectively exposing a general-purpose authenticated request primitive. In a skill advertised for Wrk data management, this broadens the attack surface and can enable unintended reads, writes, or destructive operations against connected services beyond narrowly scoped actions.

Vague Triggers (Medium severity, 81% confidence)

Finding:
The invocation text is broad enough to match many generic 'data' or 'workflow' requests, which may cause the agent to select this skill outside genuine Wrk-specific contexts. Because the skill has networked and potentially mutating capabilities, over-triggering increases the risk of unnecessary connection setup or unintended actions in external systems.

Missing User Warnings (Medium severity, 88% confidence)

Finding:
The documentation instructs use of direct API requests with mutating HTTP verbs but does not warn that these actions may create, update, or delete live data. In an agent setting, the absence of safety guidance can lead to accidental destructive operations without explicit user consent or review.

VirusTotal

65/65 vendors flagged this skill as clean.