AppDrag

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it should be reviewed because it presents itself as AppDrag data search/read support while exposing a broad backend function executor that can change or delete AppDrag state.

Install only if you intend to let the agent operate AppDrag backend functions through your OOMOL-connected account. Treat every `execute_function` call as potentially state-changing unless the live schema and selected HTTP method prove it is read-only, and require explicit approval for writes, posts, sends, updates, or deletes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The skill metadata and description frame this as a tool for 'searching and reading data,' but the only exposed action is a generic backend function executor that can invoke arbitrary AppDrag functions with arbitrary HTTP methods. That mismatch can cause an agent or user to treat the skill as read-only and unintentionally approve or execute state-changing operations, creating a confused-deputy risk.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The safety section says read actions are safe, but this skill does not expose a bounded read action; it exposes a generic 'execute_function' primitive that can perform arbitrary methods and effects depending on the target backend function. This guidance may cause agents to rely on inaccurate safety cues and skip confirmation for operations that are actually mutating or destructive.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
Telling the agent to use this skill for 'ANY AppDrag request' creates overly broad routing authority with no clear scope boundaries. In context, that is risky because the skill includes a powerful generic executor, so broad auto-selection can funnel sensitive or state-changing tasks into a capability that exceeds the user’s likely expectations.

VirusTotal

VirusTotal findings are pending for this skill version.
