monday.com

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate monday.com integration, but it asks for broad business-data access and tells agents to retain resource details by default, so users should review it carefully before installing.

Install only if you intend agents to operate on monday.com. Use a least-privilege monday.com token, pin or review the MCP package instead of relying on @latest, require explicit confirmation for destructive or bulk changes, and disable or limit persistent memory for board/item names, URLs, and context unless users knowingly opt in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The metadata description is overly broad and can cause the skill to activate for generic project-management, CRM, automation, or AI-workflow requests without clearly requiring a monday.com context. Over-broad routing increases the chance of unintended access to external systems and data-handling actions when a narrower skill should have been selected.

Vague Triggers

Low
Confidence: 88%
Finding
The phrase 'Manage everything on monday.com' is scope-maximizing language that lacks operational boundaries. While limited to the monday.com domain, it still encourages broad invocation across many high-privilege operations, including reads, writes, deletions, webhooks, and AI features, without a least-privilege framing.

Missing User Warnings

Medium
Confidence: 79%
Finding
The webhook example shows how to exfiltrate board event data to an arbitrary external URL without warning that board activity will be transmitted off-platform. In an agent skill context, this increases the risk that users or downstream implementers enable silent data egress of potentially sensitive project, CRM, or workflow information to untrusted endpoints.

Ssd 3

Medium
Confidence: 96%
Finding
The memory guidance explicitly instructs saving every created resource and reusing identifiers across interactions, which creates a durable cross-interaction data retention surface. Even if intended for convenience, this can expose project names, item metadata, URLs, and identifiers beyond the immediate need and risks cross-session leakage or unauthorized reuse.

VirusTotal

66/66 vendors flagged this skill as clean.
