Emailable

Security checks across malware telemetry and agentic risk

Overview

This Emailable skill is mostly coherent, but it gives agents broad authenticated API access with unclear scope and limited user-control guidance.

Install only if you intend to let an agent access Emailable through Membrane. Require the agent to show the exact action or endpoint, HTTP method, payload, affected account data, and any credit or data-sharing impact before running batch, write, delete, or proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 73% confidence
Finding: The invocation text is broad enough that an orchestrator could select this skill for vague requests about 'Emailable data' without sufficient task or data-scope validation. In context, that increases the chance of unnecessary access to an external CRM/email-verification integration and unintended transmission or retrieval of user-related data.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly encourages direct proxying of arbitrary API requests to an external service without warning that supplied paths, query parameters, or bodies may contain user or third-party personal data. In this context, the skill is for email verification, so unreviewed proxy use can easily send sensitive contact information externally or bypass safer pre-built actions with better constraints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal