Fountain
Security checks across malware telemetry and agentic risk
Overview
The skill is not clearly malicious, but it asks for authenticated Membrane access while being unclear about which Fountain service and API it is meant to control.
Install only if you trust Membrane and can confirm which Fountain account and API this skill will use. Prefer discovered Membrane actions over raw proxy requests, and require explicit approval before any create, update, patch, delete, publish, or sharing action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.