BoxHero

Security checks across malware telemetry and agentic risk

Overview

This BoxHero skill is a disclosed read-only connector for inventory lookup; its description contains broader wording that users should treat as limited to the listed read actions.

Install this if you want an agent to read BoxHero inventory, item, team, and location data through your OOMOL-connected account. Treat it as read-only despite the broad wording, and do not approve any future create, update, or delete BoxHero operation unless the action is clearly documented and you confirm the exact effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The manifest and description claim this skill is for searching and reading BoxHero data, but the body includes guidance for create, update, post, send, and delete style actions. That mismatch can cause an agent or user to trust the skill as read-only when the operational guidance is actually broader, increasing the risk of unintended state-changing or destructive operations.

Intent-Code Divergence

Low (79% confidence)
Finding
The file says the skill exposes 4 actions, all of which are read-oriented, but later provides generic instructions for create/update/delete operations not present in the declared action list. This inconsistency weakens operator understanding of the true capability boundary and could encourage unsafe assumptions or future misuse if additional actions become available through the connector.

Vague Triggers

Medium (86% confidence)
Finding
The trigger phrase instructs use of this skill for ANY BoxHero request, which is overly broad and can cause automatic routing without checking whether the request is appropriate, safe, or within the skill's declared scope. In an agent setting, broad routing language increases the chance of overreach and accidental execution in contexts that need tighter validation.

VirusTotal

64/64 vendors flagged this skill as clean.