19 API Gateway

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate API gateway, but it gives agents very broad live access to many third-party accounts with insufficient warnings and inconsistent authentication disclosure.

Install only if you trust Maton with brokered access to the connected services and are prepared to manage scopes carefully. Use least-privilege connections, avoid connecting admin or billing accounts unless needed, require explicit confirmation before send/post/delete/share/billing/admin actions, and review whether each service uses OAuth, API key, or Basic auth before connecting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (57)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The README states that Baserow connections use API_KEY authentication via database tokens, which conflicts with the skill metadata claiming managed OAuth and explicit user authorization per service. This mismatch can mislead users and downstream agents about the trust and consent model, increasing the risk that long-lived API tokens are handled less safely or used outside expected authorization flows.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The README states that authentication is automatic via an injected `APIKEY` header, which materially conflicts with the skill metadata claiming third-party access requires explicit user OAuth authorization. This can mislead downstream agents or users into assuming broader implicit access is available, increasing the risk of unauthorized requests, consent bypass assumptions, and unsafe handling of credentials.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The README explicitly says the Manus connection uses API_KEY authentication, which conflicts with the skill metadata claim that third-party services require explicit OAuth authorization. This mismatch can cause unsafe trust assumptions by agents or users, leading them to invoke a third-party integration under weaker authentication controls than the skill advertises.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill is explicitly designed to proxy authenticated requests into many third-party services, including write-capable endpoints such as creating contacts, posting messages, and deleting connections. Because the documentation provides actionable examples without a prominent warning that these calls can read, create, modify, or delete user data in connected services, users or downstream agents may underestimate the real-world side effects and trigger unintended actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README documents destructive and privacy-impacting operations such as deleting files/folders, restoring from trash, creating shared links, collaborations, search, recent items, events, and webhooks, but provides no cautionary guidance, confirmation requirements, or least-privilege notes. In an agent skill that brokers real OAuth-authorized access to Box, this can normalize unsafe use and increase the chance an agent invokes high-risk actions without adequate user confirmation.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README states that authentication is automatic and the router injects Basic auth, while also documenting customer, subscription, invoice, and transaction operations. Without an explicit warning that requests act on real authorized billing data and can expose sensitive customer/account information, users or downstream agents may treat examples as low-risk reference material and perform unintended live actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation includes a concrete subscription cancellation request with no warning that it is a destructive, potentially customer-impacting billing operation. In an agent skill context, this increases the chance an agent or user copies the example directly and cancels live subscriptions unintentionally, causing service disruption, revenue loss, and support burden.

Missing User Warnings

Medium
Confidence: 83%
Finding
The documentation presents destructive team-member administration actions such as suspension and removal as routine examples without any caution about operational impact, data wipe behavior, or transfer semantics. In an agent context, this increases the chance that an LLM or user invokes high-impact admin actions without understanding that accounts may be disabled, wiped, or reassigned.

Missing User Warnings

High
Confidence: 96%
Finding
The README documents `team/team_folder/permanently_delete` without any warning that the operation is irreversible and may cause permanent data loss. In a tool-using agent environment, omission of that warning materially raises the risk of accidental destructive actions being carried out on behalf of an administrator.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explains how to use `Dropbox-API-Select-User` to access a member's files but does not include any privacy, consent, or auditability warning. Even if the API legitimately supports admin delegation, documenting impersonation-style access without guardrails can normalize invasive access and lead to misuse or overbroad data exposure.

Missing User Warnings

Medium
Confidence: 87%
Finding
This reference documents state-changing Firebase endpoints such as updating projects and adding Firebase to a GCP project without any caution that these operations modify live cloud configuration. In an agent context, omission of mutation warnings increases the chance that an LLM or user triggers administrative changes unintentionally, especially because the skill is designed to act against external services via OAuth-authorized connections.

Missing User Warnings

Medium
Confidence: 91%
Finding
The app-creation examples for web, Android, and iOS apps present provisioning actions as routine calls without warning that they create new Firebase resources in the target project. In this skill context, managed OAuth limits access to authorized accounts, but once authorized these examples could still lead an agent to create unintended assets, causing configuration sprawl, operational confusion, or policy/billing consequences.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README documents write and delete operations against a user's calendar, including event creation, update, patch, quick-add, and deletion, but does not warn that these actions modify or remove user data. In an agentic context, this increases the chance of unintended destructive actions because an agent may treat these endpoints as routine operations without surfacing user-consent or confirmation requirements.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README describes endpoints for listing calendars, listing events, getting events, and querying free/busy data without any privacy warning about exposing sensitive schedule details, descriptions, and attendee information. Because this skill is specifically meant to connect agents to third-party services via OAuth, the omission makes it easier for downstream agents to over-collect or disclose personal calendar data without emphasizing data-minimization or user awareness.

Missing User Warnings

Medium
Confidence: 90%
Finding
The reference documents destructive and permission-changing Google Drive operations such as delete and share, but it does not warn that these actions can permanently remove user data or broaden access to third parties. In an agent skill context, omission of safety guidance increases the chance that an agent will invoke these endpoints without explicit user confirmation or adequate risk framing.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly documents state-changing Gmail operations such as sending email, creating and sending drafts, modifying labels, and trashing messages, but it does not warn that these actions can alter mailbox contents or trigger outbound communications. In an agent skill context, this increases the risk that an agent or user invokes destructive or externally visible actions without clear confirmation or awareness, especially because authentication is automatic once OAuth is connected.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation explicitly exposes routes for listing participants, recordings, transcripts, and transcript entries, which are highly sensitive collaboration artifacts containing personal data and potentially confidential business content. In an agent skill context, omission of privacy and authorization cautions increases the risk that downstream agents or users will treat these endpoints as routine data access and retrieve sensitive meeting data without sufficient user awareness or justification.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README documents an operation that terminates an active conference but provides no warning that it is disruptive and can immediately impact availability for all meeting participants. In an agent-integrated API gateway, presenting this as a standard endpoint without requiring confirmation increases the chance of accidental or unjustified service interruption.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation exposes destructive CRM delete operations without any warning to require explicit user confirmation or to highlight business/data-loss consequences. In an agent skill that can act on authenticated third-party services, this omission can encourage unsafe automation patterns where records are deleted based on ambiguous or manipulated inputs.

Missing User Warnings

Medium
Confidence: 85%
Finding
Stating that OAuth token injection is automatic without a corresponding privacy/security warning can cause agents or users to underestimate that every outbound request is authenticated against the user's connected HubSpot account. This increases the risk of unintended data access, modification, or exfiltration when requests are constructed from untrusted prompts or parameters.

Missing User Warnings

Medium
Confidence: 83%
Finding
The document exposes multiple state-changing and destructive Jira operations such as create, update, delete, assign, transition, and comment without any guidance to require user confirmation, permission checks, or impact warnings. In an agent skill context, this can encourage unsafe automation that modifies real project data or workflow state based only on loosely specified user input.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation exposes destructive delete operations for forms and submissions without any warning about irreversible data loss or the need for confirmation. In an agent setting, this increases the chance that a model or user invokes deletion endpoints casually or due to prompt manipulation, causing unintended destruction of user data.

Missing User Warnings

Medium
Confidence: 91%
Finding
Describing automatic API key injection without any credential-handling, privacy, or scope warning normalizes hidden authentication behavior and may encourage users or agents to send requests without understanding what identity or permissions are being used. In a multi-service gateway, that ambiguity can lead to accidental access, overtrust in implicit credentials, or leakage of sensitive assumptions about auth state.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README documents multiple state-changing and destructive Kibana endpoints, including create, delete, enable/disable, and connector execution operations, but provides no warning that these actions can alter or remove user data, spaces, alerting state, or downstream integrations. In an agent skill context, exposing such operations without explicit safety guidance increases the risk that an agent or user invokes them unintentionally or with insufficient confirmation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README includes concrete examples for creating public posts, uploading media, and provisioning advertising resources, but it does not pair those side-effecting operations with any caution about obtaining explicit user confirmation first. In an agent skill context, this increases the risk that an agent may treat destructive or externally visible actions as routine API calls and perform unintended posting or ad-account changes on a user's LinkedIn presence.

VirusTotal

67/67 vendors flagged this skill as clean.
