Ip2Locationio

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward IP2Location.io integration that uses Membrane for authenticated API access, with no evidence of hidden or malicious behavior.

Install only if you trust Membrane and are comfortable sending IP lookup data through Membrane to IP2Location.io. Prefer discovered Membrane actions, review browser authentication prompts, and require explicit approval before proxy requests that send sensitive data or perform POST, PUT, PATCH, or DELETE operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly encourages direct proxying of requests to the external IP2Location.io API, but it does not instruct the agent to warn the user, confirm consent, or minimize data before transmission. In an agent setting, this can lead to silent disclosure of user-provided IPs or related query data to a third-party service, which is a real privacy and data-handling risk even if the integration itself is legitimate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal