Neuronwriter

Security checks across malware telemetry and agentic risk

Overview

This NEURONWriter skill appears legitimate, but it gives agents broad authenticated API access through Membrane without enough scope limits or confirmation guidance.

Install only if you are comfortable connecting Membrane to your NEURONWriter account. Before allowing proxy requests or POST, PUT, PATCH, or DELETE actions, confirm the exact endpoint, method, data being sent, and expected account changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The manifest advertises a narrower scope ('Manage Projects, Users') than the body of the skill, which additionally enables content/SEO workflows, action discovery, raw action execution, and direct proxy access to arbitrary NEURONWriter API endpoints through Membrane. This scope mismatch can cause an agent or reviewer to underestimate the skill's effective privileges and approve or invoke it in situations where broader external actions are possible.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal