ClawHub

Venn Nino

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate enterprise-connector purpose, but it installs an unpinned third-party CLI and can access broad work accounts with overly broad activation rules.

Review before installing. Proceed only if you trust the publisher, the Venn service, and the external mcporter fork; prefer a pinned or signed release if available, supervise OAuth scopes, and explicitly confirm any setup, write, or multi-step actions against connected work systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The installer clones and executes build steps from a third-party GitHub repository (`mansilladev/mcporter`) that does not clearly match the advertised Venn skill identity. This creates a supply-chain risk: users are induced to trust and install code from an unrelated source, and the script then runs package installation and build commands that may execute arbitrary install scripts from that repository's dependency tree.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation rule triggers not only on explicit @venn invocation but also on ordinary requests about common SaaS services like Gmail, Jira, and Notion. In a broad enterprise-data skill, this can cause unintended invocation, unnecessary credentialed access attempts, or silent escalation from a general query into connected-system operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup flow instructs the agent to save a user-provided Venn Universal URL into persistent configuration/environment storage without a clear warning that the value will be retained. Even if the URL is not a secret token, persisting connection metadata without explicit notice can expose internal endpoints, tenant details, or enable future unintended reuse.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal