ClawHub

Snowsand Confluence

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Confluence Cloud helper that can manage live Confluence content, including deletion, but I found no hidden behavior or unrelated data access.

Install only if you want an agent to use your Confluence API token to read and manage Confluence content. Use a least-privileged token, verify the base URL, and require manual confirmation before updates, uploads, deletes, purges, label changes, or comment changes, especially in production spaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger text is very broad, covering essentially any Confluence or documentation-related task. Overly broad activation criteria can cause the skill to be invoked in contexts the user did not intend, increasing the chance of unexpected reads, writes, or destructive actions against Confluence content.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation prominently includes create, update, delete, purge, upload, and comment operations but does not consistently warn that these actions modify or remove live Confluence content. In an agent setting, this can normalize risky commands and increase the chance of accidental destructive execution.

Missing User Warnings

High
Confidence
95% confidence
Finding
Documenting `delete-page --purge` without an explicit irreversibility warning is dangerous because it can permanently remove documentation content beyond normal recovery paths. In a broadly-triggered agent skill, that raises the risk of irreversible data loss from misunderstanding or accidental invocation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Attachment deletion commands are presented as routine workflow steps without clearly warning about potential loss of files stored in Confluence. Since attachments often contain source documents or evidence artifacts, accidental deletion can disrupt operations and audits.

Missing User Warnings

Low
Confidence
73% confidence
Finding
Deleting comments modifies user-generated content and can remove collaboration context, approvals, or review history. While lower impact than page purging, the lack of warning still increases the chance of unintended content alteration in an automated workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The page deletion command performs delete or purge immediately with no interactive confirmation, dry-run mode, or safety guard. In an agent or automation context, a mistaken argument, prompt injection, or misrouted task could cause irreversible loss of Confluence content at API speed.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Attachment deletion also executes immediately and supports permanent purge without any safeguard. Because attachments often contain business documents or evidence files, accidental or induced deletion can cause data loss and disrupt downstream workflows.

Missing User Warnings

Low
Confidence
88% confidence
Finding
Comment deletion occurs without warning or confirmation, making accidental removal easy in scripted or agent-driven use. While lower impact than page or attachment deletion, comments can still contain approvals, audit context, or operational discussion that may be important.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal