Kickserv

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Kickserv integration using Membrane for authenticated access, with a broad proxy feature that should be used carefully but is aligned with the stated purpose.

Install only if you are comfortable granting Membrane-mediated access to your Kickserv account. Prefer listed prebuilt actions, review any raw proxy endpoint and HTTP method, and require explicit confirmation before creating, updating, or deleting business records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly documents a generic authenticated proxy mechanism that can issue arbitrary HTTP methods, including modifying or deleting requests, without any nearby warning to require explicit user confirmation for destructive operations. In an agent setting, this increases the chance of unintended writes, bulk changes, or deletions against real Kickserv data if the model extrapolates from the documentation and acts without sufficient guardrails.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal