Rapidapi

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed RapidAPI integration that uses Membrane for authenticated API access, with no evidence of hidden or malicious behavior.

Install only if you trust Membrane and need RapidAPI automation. Review the permissions granted during login, prefer listed Membrane actions over raw proxy requests, and explicitly confirm any request that sends sensitive data or creates, changes, or deletes account resources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is very broad ('Manage data, records, and automate workflows') and can match many generic user requests, increasing the chance the agent invokes this skill in underspecified contexts. That can cause unintended external actions or data access before the user has clearly scoped the target API, account, or operation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal