Postman

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Postman connector, but it needs review because it broadly enables sensitive reads and high-impact Postman changes with uneven safeguards.

Install only if you intend to let an agent operate a broad Postman account connector. Use a least-privileged Postman connection where possible, require explicit approval before any write/delete/publish/sync/run/review action, and avoid printing or logging full access keys, team user lists, emails, billing records, or environment/global variable values unless truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The skill exposes sensitive account, billing, team-user, group, SCIM, and access-key related actions that go beyond a generic 'Postman request' capability and expand the blast radius if the skill is invoked broadly. In an agent setting, this increases the chance of unintended access to organizational metadata or billing information without a narrowly scoped user intent.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The safety section understates which operations mutate state by implying create/update/send/post are the main risky actions, while many listed non-POST operations like delete, merge, sync, transfer, publish, and replace also change state. Misleading safety guidance can cause an agent or operator to under-confirm destructive or high-impact actions and perform unintended modifications.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger text says to use this skill for ANY Postman request instead of calling the API directly, which is overly broad for a skill that includes both read-only and highly privileged administrative/destructive actions. In an autonomous agent environment, such breadth increases the likelihood of accidental invocation in contexts where a narrower or safer tool should have been selected.

Missing User Warnings

Medium
Confidence: 91%
Finding
This action enumerates all team users and explicitly returns personal and organizational data such as names, usernames, emails, roles, and join timestamps, but the description provides no warning about the sensitivity of that data. In an agent context, missing a privacy warning increases the chance of unnecessary disclosure, oversharing in downstream outputs, or use in contexts where the caller did not intend to expose employee directory information.

Missing User Warnings

Medium
Confidence: 89%
Finding
The action explicitly retrieves collection access keys, which are sensitive secrets that can grant access to Postman collections. The description does not warn users that the output may contain tokens and related collection metadata, increasing the chance that an agent or user will request, expose, log, or mishandle these secrets inappropriately.

VirusTotal

65/65 vendors flagged this skill as clean.