Cuttly

Security checks across malware telemetry and agentic risk

Overview

This Cutt.ly integration is understandable, but it gives an agent broad authenticated power to edit or delete live short links without clear confirmation rules.

Install only if you trust Membrane and want an agent to manage your Cutt.ly account. Review every edit, redirect, delete, or raw proxy request before it runs, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly advertises a destructive 'Delete Short Link' capability but provides no guidance to require explicit user confirmation before invoking it. In an agentic context, this increases the risk of accidental or unauthorized deletion if a user request is ambiguous or if the agent misinterprets intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal