Sumup

Security checks across malware telemetry and agentic risk

Overview

This SumUp skill is coherent and not malicious, but it gives broad authenticated access to a financial API without clear approval steps for changes.

Install only if you trust Membrane and intentionally want an agent connected to your SumUp account. Require the agent to show the exact endpoint, method, request body, and expected effect before any POST, PUT, PATCH, DELETE, refund, payout, or merchant-account change, and prefer scoped Membrane actions over raw proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill documents a generic proxy interface that supports POST, PUT, PATCH, and DELETE against the SumUp API without any guardrails, confirmation requirements, or warnings about irreversible financial or record-changing actions. In a payments context, this increases the chance an agent will perform destructive or state-changing operations—such as refunds or merchant data modifications—without adequate user awareness or approval.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal