Membership

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a membership-benefits helper with no concrete evidence of hidden execution, persistence, credential use, or destructive behavior.

Install only if you want help with membership benefits, points, co-branded cards, redemptions, or similar workflows. Be careful with vague prompts that could route unrelated account questions to this skill, and do not provide sensitive account credentials unless a separate trusted integration clearly requires and scopes them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The example invocations are very broad and can match many unrelated user requests, which increases the chance this skill is triggered outside its intended membership-benefits domain. In an agent environment, overly broad routing can cause misfires, user confusion, and inappropriate guidance around accounts, benefits, or linked third-party services, especially where authorization or privacy-sensitive actions are involved.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal