SuperSaaS

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-only SuperSaaS connector wrapper, with no artifact evidence of hidden code, exfiltration, persistence, or destructive behavior.

Install only if you intend to let an agent read data from your connected SuperSaaS account through OOMOL. Review the live connector schema before use, and require explicit confirmation before any future connector action that is tagged or described as changing or deleting SuperSaaS data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 95%
Finding:
The manifest and description promise this skill is for 'searching and reading data,' but the body instructs the agent to inspect arbitrary action schemas and run any action on the connector. That mismatch can cause an orchestrator or user to trust the skill as read-only when it is actually capable of invoking state-changing operations, creating a risk of unauthorized writes or destructive actions.

Intent-Code Divergence

Medium
Confidence: 83%
Finding:
The skill presents safety guidance for hypothetical [write] and [destructive] actions even though the enumerated actions shown are read-only, while earlier instructions say to fetch live schemas and run actions generally. This inconsistency weakens operator understanding of what the skill may do and could let newly exposed connector actions be executed without the safeguards implied by the visible action list.

Vague Triggers

Medium
Confidence: 88%
Finding:
The instruction to use this skill for ANY SuperSaaS request is overly broad and encourages automatic routing of all SuperSaaS-related tasks through a connector wrapper without regard to least privilege or task sensitivity. In context, that broad trigger is more dangerous because the same skill also contains generic action-execution guidance, increasing the chance of unintended privileged operations being performed through a trusted path.

VirusTotal

64/64 vendors flagged this skill as clean.