Chargeover

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ChargeOver billing integration, but it gives an agent live payment, cancellation, deletion, and raw API authority without clear confirmation safeguards.

Install only if you intend to let an agent operate on live ChargeOver billing data. Use a least-privilege Membrane/ChargeOver account, verify the Membrane CLI package before global installation, and require manual confirmation with exact IDs, amounts, and consequences before any payment, cancellation, update, delete, or non-GET proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises destructive operations like deleting customers/items, canceling subscriptions, and making payments without any caution about confirmation, authorization, or irreversible business impact. In an agent setting, this increases the chance of unsafe execution of high-impact actions on live billing data from ambiguous or incomplete user requests.

Missing User Warnings

Medium
Confidence: 93%
Finding
The proxy section permits arbitrary authenticated API requests with methods including POST, PUT, PATCH, and DELETE, but provides no warning that these can modify or destroy production billing data. Because the proxy inherits valid credentials and broad API reach, an agent could bypass safer pre-built actions and perform unintended high-impact writes directly against ChargeOver.

VirusTotal

64/64 vendors flagged this skill as clean.
