Faceup

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly harmful, but it needs review because it connects an authenticated FaceUp account while giving conflicting product descriptions and broad API powers.

Install only if you can verify which FaceUp service this targets and you trust Membrane to broker the connection. Use a least-privileged account, review each discovered action before running it, require explicit confirmation for create/update/delete requests, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill documentation is internally inconsistent: it describes FaceUp as a financial planning tool, but the exposed resources resemble a social network API (profile, posts, friends, messages). This mismatch can cause an agent to make unsafe assumptions about the type and sensitivity of data being accessed, leading to inappropriate actions, data handling, or disclosure.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation description is overly broad: 'Use when the user wants to interact with FaceUp data' provides little constraint on what kinds of requests are in scope. Broad routing language can cause the agent to activate this skill for ambiguous prompts and initiate external actions or data access without enough contextual validation.

VirusTotal

65/65 vendors flagged this skill as clean.