Apideck

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Apideck integration guide that uses Membrane for authentication and API access, with no hidden installer, persistence, or unrelated behavior found.

Install this if you want an agent to help work with Apideck through Membrane. Before using proxy requests or write/delete actions, confirm the target connection, endpoint, method, and data being sent, especially for accounting, CRM, e-commerce, or file records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents raw proxy requests to an external API without an explicit warning that request paths, query parameters, headers, and bodies may contain sensitive user or business data that will be transmitted off-platform. In an agent setting, this increases the risk of unintended data exfiltration or privacy violations, especially when the agent falls back to direct requests instead of safer, pre-defined actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal