Appveyor

Security checks across malware telemetry and agentic risk

Overview

This AppVeyor integration is coherent but gives an agent broad CI/CD and account-management power, including deletes and raw API requests, without clear safety gates.

Install only if you intend to let an agent operate AppVeyor through Membrane. Use a least-privilege AppVeyor account, review the Membrane CLI before global install, and require explicit approval before deployments, collaborator/user changes, project changes, deletes, or raw proxy API requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises destructive operations like deleting projects, builds, and users without requiring confirmation or warning about irreversible effects. In an agent setting, this can enable accidental or overly eager execution of destructive admin actions, especially when paired with generic 'run action' guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal