Composio Connect

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent but very broad: it can route an agent into many third-party account actions with little built-in scoping or consent guidance.

Install only if you intentionally want one skill to broker broad access to your connected SaaS accounts. Verify the mcporter package and COMPOSIO_MCP_URL, use the least-privileged Composio/OAuth scopes you can, and require explicit user approval before creating, sending, posting, deleting, or modifying anything in external apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is extremely broad, covering hundreds of apps and many common user intents, which increases the chance the agent will select this skill for requests involving sensitive third-party actions. In this context, over-broad routing is risky because the skill enables real external side effects across email, messaging, calendars, issue trackers, and document systems once invoked.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation demonstrates direct execution of third-party actions like changing Spotify playback volume, creating Todoist tasks, and drafting Gmail content without any explicit warning about privacy, authorization scope, or real-world side effects. Because this skill fronts 850+ apps with managed OAuth, missing guardrails materially increases the risk of unintended data access, message creation, account changes, or other external actions on behalf of the user.

VirusTotal

66/66 vendors flagged this skill as clean.
