Fizzy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal Fizzy project-management integration, but users should treat its file-transfer, deletion, and token-handling features carefully.

Install only if you intend to let the agent manage your Fizzy workspace. Before use, confirm any delete, upload, or download operation explicitly, specify exact file paths for attachments, and store the Fizzy API token with least privilege and restrictive local access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The skill supports local file upload and download, but the manifest description does not disclose that it can read local files and write downloaded content. This matters because users or orchestrators may invoke the skill expecting only board/card management, while the tool can access local paths and move data between the workstation and the remote service, increasing exfiltration and overwrite risk.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The documented workflows include uploading local files and downloading attachments even though the manifest frames the skill mainly as board/card/task management. That mismatch can cause an agent to perform filesystem operations that the user did not reasonably anticipate, which is dangerous because local files may contain sensitive material and downloads can overwrite or place untrusted content on disk.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger phrase 'anything Fizzy' is broad enough that an agent may select this skill for vague or tangential requests, increasing the chance of unintended API calls using stored credentials. In an agentic environment, overscoped routing is a security concern because it can cause actions to be taken in the wrong tool context, including modifications to boards, comments, notifications, or files.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill documents destructive commands like delete operations without warning about irreversible effects or recommending confirmation. In an agent setting, this increases the risk of accidental data loss because the skill lowers friction for destructive actions while providing no built-in cautionary language or confirmation pattern.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs users to place API tokens in environment variables or config files but provides no privacy or storage-safety warning. This is risky because tokens may be exposed via shell history, process environments, misconfigured file permissions, logs, or shared home directories, leading to unauthorized access to the Fizzy account.

VirusTotal

66/66 vendors flagged this skill as clean.