Tubular
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent Tubular integration, but it gives an agent broad authenticated Membrane access, including raw change and delete API requests without clear approval limits.
Install only if you trust Membrane and intend to let an agent access your Tubular account. Prefer discovered Membrane actions over raw proxy calls, pin the Membrane CLI version when possible, verify the connection ID before use, and require explicit approval for any POST, PUT, PATCH, or DELETE request. Revoke the Membrane/Tubular connection when it is no longer needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.