Barcode Lookup
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Membrane-based Barcode Lookup integration with no bundled executable code, but it requires trusting Membrane for delegated account access.
Install only if you trust Membrane and the npm CLI package. Review browser authorization prompts carefully, use the intended Barcode Lookup account, and require explicit user approval before raw proxy requests that write or delete data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.