Voodoo Sms

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Voodoo SMS integration, but users should be careful with its broad raw API proxy because it can perform state-changing requests.

Install if you are comfortable letting Membrane mediate access to your Voodoo SMS account. Prefer discovered Membrane actions over raw proxy calls, review any POST, PUT, PATCH, DELETE, message-sending, or bulk operation before it runs, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents a generic proxy mechanism that supports arbitrary API paths and mutable HTTP methods such as POST, PUT, PATCH, and DELETE, but it does not warn that these operations can transmit sensitive data externally or modify/delete remote records. In an agent setting, this increases the chance of unintended state-changing requests being executed without clear user awareness or confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal