Jitsu

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Jitsu integration skill that uses Membrane CLI commands, with a disclosed raw API fallback that users should treat carefully.

Before installing, verify that you trust Membrane and the @membranehq/cli package, since Membrane will broker access to your Jitsu account. Use prebuilt Membrane actions when available, and only run raw proxy requests or state-changing methods such as POST, PUT, PATCH, or DELETE when you clearly intend to modify Jitsu data or configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly documents arbitrary proxy requests and mutable HTTP methods (POST, PUT, PATCH, DELETE) without requiring confirmation gates, warning about outbound data transmission, or distinguishing read-only from state-changing operations. In an agent context, this can lead to unintended modification of Jitsu configuration or export/transmission of data to external systems if the agent acts on ambiguous user requests.

VirusTotal

VirusTotal findings are pending for this skill version.
