Chargeblast

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Chargeblast/Membrane integration, but it can perform sensitive payment and merchant changes without clear approval safeguards.

Install only if you intend to let an agent operate on Chargeblast through Membrane. Before any non-read-only action, require the agent to show the connection, action or endpoint, target resource, payload, and expected effect, then wait for explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises destructive or state-changing actions like unenrolling merchants, enrolling merchants, uploading orders, creating credit requests, and updating alerts without requiring confirmation or warning about side effects. In an agent setting, this increases the chance of accidental operational changes, especially if the model interprets an ambiguous request as authorization to mutate billing or dispute workflows.

Missing User Warnings

Medium
Confidence: 95%
Finding
The proxy request section enables arbitrary API access with POST, PUT, PATCH, and DELETE and gives generic instructions for sending authenticated requests, but it does not impose approval gates, endpoint allowlisting, or warnings about destructive impact. Because Membrane injects valid auth automatically, a misled or over-permissive agent could perform high-impact account changes or data modification directly against the backend.

VirusTotal

63/63 vendors flagged this skill as clean.
