Freshdesk

Security checks across malware telemetry and agentic risk

Overview

This Freshdesk skill is a disclosed read-only connector wrapper, with only minor documentation overbreadth to keep in mind.

Install only if you are comfortable connecting Freshdesk through OOMOL and letting the oo CLI read account, ticket, and conversation data. Treat it as read-only despite the generic safety notes, and require explicit confirmation before using any future Freshdesk action that would create, update, post, send, delete, or remove data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and description constrain the skill to searching/reading, but the body instructs use for ANY Freshdesk request and discusses state-changing operations. This mismatch can cause an agent to overtrust the skill's scope and invoke it in contexts involving write/delete behavior that was not clearly declared, increasing the chance of unintended or unauthorized actions.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The skill says it exposes only four read-only actions, yet its safety section includes generic guidance for create/update/delete operations. Even if no such actions are currently listed, this contradictory documentation can mislead downstream agents or reviewers about the skill's true capabilities and weaken policy enforcement around action safety.

Vague Triggers

Medium
Confidence: 91%
Finding
The instruction to use this skill for ANY Freshdesk request is overly broad and may cause an agent to route unrelated or higher-risk Freshdesk tasks through this skill automatically. In context, that broad trigger is more dangerous because the skill documentation is inconsistent about whether it is read-only or may support state-changing actions.

VirusTotal

64/64 vendors flagged this skill as clean.
