Honeybadger

Security checks across malware telemetry and agentic risk

Overview

This Honeybadger skill mostly documents legitimate reporting actions, but its public description says it is for reading/searching while the actual actions all send data to a connected Honeybadger account.

Install only if you intend to let the agent submit Honeybadger check-ins, deployments, events, or exception notices. Do not treat this as a read-only Honeybadger search skill, and require the agent to show and confirm the exact payload before any oo connector run command is executed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The manifest claims this skill is for "searching and reading data," but every listed action is a write/report operation that changes state in Honeybadger. This mismatch can mislead an agent or user into invoking a state-changing skill under the assumption it is read-only, increasing the risk of unauthorized event, deployment, check-in, or exception submissions.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The safety section says read/list/search actions are safe to run directly, but the skill exposes no such actions and only documents report/create operations. This creates a misleading safety model that may cause an agent to apply relaxed confirmation behavior to operations that actually modify Honeybadger state.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata says the Honeybadger skill should be used for 'searching and reading data,' but this action documents a state-changing operation that reports a check-in with payload data. That scope mismatch can mislead downstream agents or users into invoking write-capable functionality they did not expect, increasing the risk of unauthorized status updates, false telemetry, or abuse of the connected Honeybadger account.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata says Honeybadger usage should be limited to searching and reading data, but this action explicitly performs a state-changing operation by reporting a deployment. That scope mismatch can mislead an agent into taking write actions where only read-only behavior was authorized, creating a privilege and change-control bypass with downstream operational consequences.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The action documentation clearly exposes a write-capable operation (`report_event`) even though the skill metadata says the skill should be used for searching and reading Honeybadger data. This mismatch can mislead an agent or operator into invoking state-changing behavior under the assumption the skill is read-only, enabling unauthorized event injection, telemetry pollution, or abuse of the Honeybadger account.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill metadata says Honeybadger usage is limited to searching and reading data, but this action documents a write-capable operation that reports exception notices. That mismatch expands the effective privilege of the skill and can mislead downstream agents or reviewers into invoking a side-effecting action they would not expect, enabling unauthorized data submission, log poisoning, or abuse of the external service.

Vague Triggers

Medium
Confidence: 90%
Finding
The instruction to use this skill for ANY Honeybadger request is overly broad, especially because the skill only supports reporting actions and not general read/search workflows. In an agent setting, broad trigger text can cause unintended invocation in contexts where the user did not request a write operation, leading to accidental state changes or confusing failures.

VirusTotal

58/58 vendors flagged this skill as clean.
