Apitemplateio

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward APITemplate.io integration that uses Membrane for authenticated API access, with normal but potentially destructive account actions disclosed.

Install only if you intend to let the agent use Membrane with your APITemplate.io account. Before running update-template, delete-object, or proxy requests with mutating HTTP methods, review the target template or object ID and explicitly confirm the action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises a destructive delete capability without stating that the agent must obtain explicit user confirmation before executing it. In an agent setting, this increases the risk of accidental or prompt-induced deletion of generated PDFs/images, which can cause data loss or disruption even if the underlying API is authenticated correctly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal