Booqable

Security checks across malware telemetry and agentic risk

Overview

This Booqable skill is coherent, but it can change real business records through delegated account access without explicit confirmation guardrails.

Install only if you are comfortable granting Membrane-backed access to Booqable. Use the least-privileged account available, review the Membrane CLI you install, and require the agent to show exact records and parameters before creating, updating, archiving, canceling, reserving, starting, or stopping anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The skill description is broad enough that an orchestrator could invoke it for generic requests involving orders, customers, or records without a strong signal that the user explicitly intended to operate on Booqable. In a skill that can read and modify business data, over-broad routing increases the chance of unintended data access or state-changing actions in the wrong system.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation advertises actions such as create, update, archive, cancel, start, stop, and reserve, but does not instruct the agent to obtain confirmation before performing irreversible or business-critical changes. In an autonomous agent setting, this omission can lead to unauthorized modifications, cancellations, or operational disruption from ambiguous user requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal