Scoopit
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Scoop.it integration, but it gives an agent broad authenticated ability to act on public/business content without clear guardrails for write or delete actions.
Review before installing if your Scoop.it account controls public, business, or client content. Use predefined Membrane actions where possible, and require the agent to show the target action or endpoint, payload, and expected effect before creating, editing, publishing, or deleting anything.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.