FraudLabs Pro

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate FraudLabs Pro connector, but it is advertised as read-only while also documenting an action that can approve or reject order feedback.

Install only if you are comfortable giving this skill write-capable access to FraudLabs Pro through your connected account. Treat approve/reject feedback as a business-impacting action and confirm the exact order and decision before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The manifest description says the skill is for 'searching and reading data,' but the documented actions include state-changing operations such as feedback submission. This mismatch can mislead users or higher-level agents into invoking the skill under the assumption it is read-only, increasing the risk of unintended writes to FraudLabs Pro.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The documentation explicitly frames the skill as appropriate for 'searching and reading data,' yet it exposes commands that can approve or reject order feedback and otherwise modify remote state. In an agent setting, misleading capability descriptions are dangerous because policy decisions may rely on those descriptions to permit execution without sufficient confirmation.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata says it should be used only for searching and reading data, but this action explicitly sends approve/reject feedback for an order transaction, which is a state-changing write operation. That mismatch can mislead downstream agents or policy systems into granting this skill broader trust than warranted, enabling unauthorized transaction-status changes or fraud workflow manipulation.

VirusTotal

64/64 vendors flagged this skill as clean.
