Insightoai

Security checks across malware telemetry and agentic risk

Overview

This is a real Insighto.ai integration, but it gives an agent broad authenticated power to change data and contact people while the documented scope is inconsistent and lacks clear confirmation rules.

Install only if you intend to let an agent operate an authenticated Insighto.ai account through Membrane. Use a least-privilege account, verify the Membrane CLI package before global installation, manually approve every delete/update/message/call, and be cautious with raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

High
Confidence: 95%
Finding: The manifest advertises the skill as managing Organizations and Users, but the body documents actions for assistants, conversations, contacts, widgets, messaging, and phone calls. This capability mismatch can cause an agent or user to invoke the skill under false assumptions, leading to unintended access to broader and more sensitive operations than expected.

Intent-Code Divergence

Medium
Confidence: 91%
Finding: The overview claims the primary objects are Dataset, Column, Model, Project, and User, but the actionable section targets a different resource model entirely. This inconsistency undermines operator understanding and can cause agents to perform actions against the wrong domain or with incorrect expectations about the data being handled.

Vague Triggers

Medium
Confidence: 83%
Finding: The invocation description is broad enough that the skill may be selected for generic requests involving Insighto.ai data, even when the user's intent does not match the skill's real capabilities. Over-broad routing increases the chance of unnecessary connection setup, exposure of unrelated actions, or execution of high-impact operations in the wrong context.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill documents destructive and high-impact actions such as deleting assistants, conversations, and contacts, plus outbound messaging and calling, without requiring confirmation or warning about side effects. In an agent setting, this omission can lead to accidental irreversible deletions, unauthorized communications, or costly external actions.

VirusTotal

65/65 vendors flagged this skill as clean.
