Artilleryio

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Artillery.io integration that uses Membrane for authenticated API access, with no hidden files, persistence, or destructive behavior in the artifact itself.

Install only if you trust Membrane with delegated access to the intended Artillery.io account. Prefer discovered Membrane actions over raw proxy requests, and explicitly review any request that creates, updates, deletes, or starts load-testing activity.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill description is quite broad ('Manage data, records, and automate workflows') and could match many user requests that only loosely relate to Artillery.io. That increases the chance of unintended activation, which can lead an agent to connect to an external service or expose operational capabilities when the user did not clearly intend to use this integration.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The proxy-request section documents arbitrary direct API access, including state-changing methods like POST, PUT, PATCH, and DELETE, but does not require confirmation or warn that requests may transmit sensitive data or modify remote resources. In an agent setting, this can enable accidental destructive actions or unreviewed data egress through generic request construction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal