Profitwell
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate-looking ProfitWell integration, but it gives an agent broad authenticated access to sensitive business data and raw mutating API requests without explicit confirmation safeguards.
Install only if you are comfortable letting an agent access ProfitWell through Membrane. Use a least-privileged ProfitWell/Membrane account where possible, review any requested action carefully, and require explicit approval before any POST, PUT, PATCH, or DELETE proxy request or other operation that could change billing, customer, subscription, role, or permission data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.