Iauditor By Safetyculture

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SafetyCulture integration that can modify organization data, but the artifacts are coherent and show no hidden or malicious behavior.

Install only if you are comfortable granting Membrane-mediated access to the selected SafetyCulture account. Review create, update, proxy, and delete requests carefully, require explicit confirmation before any permanent deletion, and consider pinning the Membrane CLI version instead of using the moving latest tag.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents a permanently destructive operation, 'Delete Inspection', but provides no guidance to require explicit user confirmation, validate intent, or warn about irreversible consequences. In an agent setting, this increases the risk of accidental or over-broad deletion if the model selects the action from a natural-language request without a safety checkpoint.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal