Confluence

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says for Confluence, but it can make live wiki changes with an Atlassian token and has insufficient guardrails for that authority.

Install only if you trust the publisher and can provide a least-privilege Atlassian API token limited to the Confluence spaces the agent should access. Treat this as a live write-capable integration: require explicit user approval before creating pages, updating pages, adding comments, or adding labels, and avoid untrusted label input until the Python interpolation bug is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill clearly requires environment secrets, invokes a shell script, and performs networked actions against Confluence, but it does not declare corresponding permissions. That creates a trust and policy gap: the runtime may expose sensitive capabilities without clear review boundaries, and users or platform controls may underestimate what the skill can access and modify.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger terms are broad enough that ordinary requests about documentation, pages, or a knowledge base could activate this skill unexpectedly. In a skill with read/write Confluence access, overbroad invocation increases the chance of unintended access to enterprise wiki data or accidental modification when the user did not specifically intend to use Confluence.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The helper functions support authenticated POST and PUT operations that can create or modify Confluence content without any built-in confirmation, dry-run mode, or guardrails. In an agent setting, this increases the risk of unintended destructive or sensitive changes being made with valid credentials based on misinterpretation, prompt injection, or ambiguous user requests.

VirusTotal

64/64 vendors flagged this skill as clean.
