Manus

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Manus API integration, but users should treat Manus tasks, share links, and downloaded outputs as external-service content.

Install only if you trust Manus with the prompts and files involved. Keep MANUS_API_KEY secure, avoid sending secrets or regulated data unless Manus is approved for that use, be careful with shareable links, and review or scan downloaded files before opening or redistributing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 90% confidence
Finding
The workflow instructs downloading generated files locally and sending them to the user without any caution about sensitive content, malware scanning, or validation of file type/origin. Because Manus is an autonomous external agent that can browse the web and produce arbitrary artifacts, its outputs could contain confidential data, prompt-injected content, or dangerous files that are redistributed to users.

Missing User Warnings

Medium, 87% confidence
Finding
The skill recommends enabling createShareableLink without warning that share links may expose task metadata or outputs beyond the intended recipient. If tasks contain proprietary prompts, uploaded material, or generated deliverables, a shareable URL can expand access and increase the chance of accidental disclosure.

Missing User Warnings

Medium, 83% confidence
Finding
The download command writes files returned by a remote service directly to disk with minimal user awareness or validation. Although the filename is sanitized to reduce path traversal risk, the script still fetches arbitrary remote content and stores it locally, which can expose users to unsafe files or accidental execution/use of untrusted outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
