Raindrop.io API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Raindrop.io API helper, but live use can let an authorized agent read or change bookmark data.

Install this if you want help building Raindrop.io API or MCP integrations. For live use, provide only least-privilege credentials through a secure mechanism when possible, review any bulk delete, move, merge, export, backup, or sharing operation before execution, and revoke tokens or MCP access when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill explicitly says to ask the user for client credentials or a token for live API calls, but it does not warn about the sensitivity of those secrets or recommend safer handling. In an agent setting, this can normalize pasting bearer tokens or OAuth client secrets into chat, increasing the risk of credential exposure, replay, or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal