Humanitix

Security checks across malware telemetry and agentic risk

Overview

This is a read-oriented Humanitix connector skill with some broad wording, but the actual documented actions are limited and coherent with its purpose.

Install this if you are comfortable connecting Humanitix through OOMOL and using the oo CLI to read event and tag data. Treat any future write or delete capability as higher risk and require explicit confirmation before using it; the current artifact documents only read actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The manifest and description promise a read-only skill for searching and reading Humanitix data, but the instructions generalize to arbitrary connector actions and even discuss state-changing operations. That mismatch can cause an agent or user to trust the skill as low-risk while it may invoke write or destructive capabilities if such actions are exposed later or discovered dynamically via schema inspection.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The safety section references create/update/send/post/delete operations even though the documented available actions are only read-only. This inconsistency broadens the apparent operational envelope and may normalize running undocumented state-changing actions if they become accessible through the connector, undermining the user's ability to reason about risk from the skill documentation.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The instruction directing the agent to use this skill for ANY Humanitix request is overly broad and can override more precise or safer handling paths. Such broad routing increases the chance that the skill is invoked in contexts beyond its validated read-only scope, especially when combined with dynamic schema inspection and the contradictory documentation about possible write actions.

VirusTotal

63/63 vendors flagged this skill as clean.
