Aylien News Api

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Aylien News API helper that uses Membrane for authentication and API calls, with no evidence of hidden or destructive behavior.

Install only if you trust Membrane to broker access to your Aylien account. Prefer the listed Membrane actions, review any direct proxy path before use, and require explicit confirmation before sending POST, PUT, PATCH, or DELETE requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: The skill documents raw proxy requests and explicitly lists mutating HTTP methods without warning that they may modify or delete remote data. In an agent context, that omission can normalize unsafe use of direct API calls and increase the chance of unintended state-changing requests when the user expected read-only news retrieval behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal