Docupost

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DocuPost integration, but it gives an agent broad authenticated power to modify business document data and send mail without clear approval boundaries.

Install only if you trust Membrane and want an agent to operate DocuPost on your behalf. Use a least-privileged DocuPost connection, prefer prebuilt Membrane actions, and require explicit approval before sending mail, changing users/groups/templates/workflows, deleting records, or using raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The skill explicitly instructs the agent to use a generic proxy request mechanism that can access arbitrary DocuPost API endpoints, which exceeds the narrowly described examples and removes guardrails provided by pre-built actions. In an agent setting, this broad capability can enable access to sensitive resources or unintended state changes if the model misinterprets a user request or is prompt-injected.

Missing User Warnings

Medium (92% confidence)
Finding
The proxy request section advertises support for GET, POST, PUT, PATCH, and DELETE without any warning that these methods may create, alter, or delete records. In an autonomous agent workflow, omission of confirmation and safety guidance increases the chance of unintended destructive actions against live DocuPost data.

VirusTotal

63/63 vendors flagged this skill as clean.
