Simpletexting

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent SimpleTexting helper, but it gives an agent broad power to send messages and alter contacts or campaigns without clear confirmation safeguards.

Install only if you trust Membrane and want an agent to operate your SimpleTexting account. Require explicit approval before sending SMS/MMS, deleting campaigns, changing subscriptions or list membership, configuring forwarding, or using raw proxy requests, and revoke the connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill advertises destructive and privacy-impacting operations such as deleting campaigns, unsubscribing contacts, removing contacts, and sending messages, but it does not instruct the agent to obtain explicit user confirmation or warn about irreversible effects. In an autonomous or loosely supervised agent setting, this increases the risk of accidental data loss, unauthorized messaging, or compliance-impacting contact changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal