Acumbamail

Security checks across malware telemetry and agentic risk

Overview

This Acumbamail skill matches its stated purpose, but it gives an agent broad authenticated power to delete mailing-list data and send emails without documented confirmation safeguards.

Install only if you trust Membrane and intend to grant access to your Acumbamail account. Before using it, require the agent to ask for explicit approval before deleting subscribers or lists, running batch changes, sending emails, or using direct proxy requests, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises destructive operations such as deleting subscribers and lists without any guidance to require explicit user confirmation, dry-run review, or safeguards. In an agentic context, this increases the chance of accidental or overly-trusting execution of irreversible actions that can remove marketing data or disrupt campaigns.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal