Flowla

Security checks across malware telemetry and agentic risk

Overview

This Flowla skill appears legitimate, but it needs review because it permits broad authenticated proxy requests, including full URLs and write/delete-style operations.

Install only if you trust Membrane and need Flowla automation. Prefer prebuilt Membrane actions, avoid full-URL proxy requests unless you have a clear reason, and require explicit confirmation before any write, delete, user, organization, or business-data changes. Protect or revoke the local Membrane credentials when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The documentation explicitly permits passing a full URL to the proxy request command, which broadens the skill from a scoped Flowla integration into a generic authenticated network client. That can enable SSRF-style behavior, access to unintended third-party endpoints, or misuse of the Membrane environment to reach resources outside the declared Flowla scope.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal