Airparser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Airparser integration, but users should confirm destructive actions like deleting inboxes before allowing the agent to run them.

Install only if you trust Membrane and want the agent to operate through your authenticated Airparser connection. Use a least-privilege account where possible, avoid approving ambiguous delete or raw DELETE requests, and require the agent to restate the target inbox or endpoint before any destructive action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents a destructive capability ('Delete Inbox') without an explicit confirmation requirement or warning about irreversible data loss. In an agent setting, exposing destructive operations as ordinary actions increases the risk that the model may execute deletion from an ambiguous or under-specified user request, causing unintended loss of documents, schemas, or workflow state.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal