ClawHub
Back to skill

Security audit

Givebutter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Givebutter connector helper that reads Givebutter data through the OOMOL CLI, with no artifact-backed evidence of hidden writes, exfiltration, or destructive behavior.

Install only if you trust OOMOL and are comfortable connecting a Givebutter account that may expose donor, contact, campaign, recurring plan, and transaction records. Keep use to the listed read-only actions unless a future version clearly documents and confirms any write or destructive operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest and description promise a read/search-only Givebutter skill, but the body explicitly allows arbitrary connector actions and discusses handling [write] and [destructive] operations. That mismatch can mislead downstream agents or reviewers into invoking higher-risk capabilities under a read-only trust assumption, increasing the chance of unauthorized state changes if the connector exposes mutating actions.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill says untagged actions are safe reads, but it also instructs the agent to inspect live schema for arbitrary action names, meaning the visible action list is not an authoritative boundary. If the connector contract contains additional mutating or sensitive actions not listed here, an agent could wrongly treat them as safe and execute them without proper confirmation, enabling unintended writes or destructive operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The instruction to use this skill for ANY Givebutter-related request is overly broad and encourages routing all Givebutter tasks through a tool whose effective capabilities are wider than the manifest suggests. Broad trigger scope increases accidental use in contexts involving sensitive data access or state changes, especially when paired with ambiguous capability boundaries.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal