Lusha

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Lusha integration that uses Membrane for authenticated access to business contact data, with no hidden executable code or deceptive behavior found.

Install only if you intend to authorize Membrane and Lusha for business contact enrichment. Use it for lawful, authorized prospecting or enrichment, minimize exported contact fields, prefer the listed Membrane actions over raw proxy requests when possible, monitor account credit usage, and revoke the Membrane/Lusha connection when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly supports contact enrichment, prospecting, and raw proxy access to the Lusha API, which can expose or process personal contact information without any guardrails around consent, lawful basis, minimum necessary data use, or policy checks. In a sales-intelligence context handling personal data, omission of privacy and acceptable-use constraints increases the risk of unauthorized lookup, over-collection, and misuse of sensitive contact data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal