Repairshopr

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate RepairShopr integration, but it should be reviewed because it can access and change sensitive business and financial records without clear confirmation safeguards.

Install only if you trust Membrane and are comfortable connecting it to RepairShopr. Use the least-privileged RepairShopr account available, manually confirm any invoice, payment, refund, deletion, user/settings, or bulk change before it runs, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description is broad enough to match many generic business-data requests, which increases the chance the agent invokes this integration in situations the user did not clearly intend. In a skill that can query and mutate CRM, invoicing, ticketing, and customer records, overbroad routing can lead to unintended access or modification of sensitive third-party data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The instructions show how to run arbitrary actions and direct proxy requests, including mutating HTTP methods like POST, PUT, PATCH, and DELETE, without requiring explicit user confirmation or warning about destructive effects. Because this skill targets operational business systems, an agent following these instructions could create, modify, or delete invoices, tickets, customers, or other records unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal