ClawHub

Plausible Analytics

Security checks across malware telemetry and agentic risk

Overview

This Plausible Analytics skill is a disclosed connector wrapper with one write-capable analytics action that is documented and guarded by confirmation guidance.

Install this only if you want an agent to use your OOMOL-connected Plausible account. Treat record_event as a write action: review the exact event payload and site before approving it, since it can add analytics events and affect reporting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description says the skill is for 'searching and reading data,' but the documented actions include `record_event`, which performs a write operation. This mismatch can mislead an agent or user into treating the skill as read-only and invoking it without the confirmation safeguards appropriate for state-changing actions.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill metadata says Plausible usage should be limited to searching and reading data, but this action explicitly documents a write-capable operation that records pageviews or custom events. That scope mismatch is dangerous because an agent may invoke this skill under the assumption it is read-only, enabling unauthorized analytics manipulation, false telemetry injection, or covert signaling through event creation.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The instruction to use this skill for 'ANY Plausible Analytics request' is overly broad and encourages automatic routing of all Plausible-related tasks to a skill that includes a state-changing action. Broad invocation scope increases the chance of unnecessary tool use, accidental writes, or bypassing more precise policy checks that should depend on the specific task.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal