Munity

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Munity integration, but it gives an agent broad authenticated write and delete access through Membrane without clear confirmation safeguards.

Install only if you trust Membrane and are comfortable connecting a Munity account. Prefer prebuilt Membrane actions over raw proxy calls, use the least-privileged Munity account practical, and require explicit confirmation before creating, updating, deleting, posting, or automating changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill documents direct proxy requests supporting POST, PUT, PATCH, and DELETE without any caution about confirmation, dry-run behavior, or destructive side effects. In an agent setting, this increases the risk that the model may perform unintended state-changing operations against live Munity data based on ambiguous prompts or incomplete user intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal