Funnelcockpit

Security checks across malware telemetry and agentic risk

Overview

This FunnelCockpit skill is a legitimate-looking integration, but it grants broad authenticated access, including delete/update actions and raw API requests, without enough scoping or confirmation guidance.

Review before installing. Use a least-privilege FunnelCockpit/Membrane account, verify the Membrane CLI package/version before global installation, and require explicit confirmation before any create, update, delete, unsubscribe, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill metadata says it is for managing organizations, but the documented capabilities include contact management, webinar operations, and generic API access. This scope mismatch can cause an agent or user to invoke the skill in situations far broader than intended, increasing the chance of unauthorized or surprising actions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The raw proxy feature allows arbitrary authenticated requests to the FunnelCockpit API, which effectively bypasses the safer, narrower action model described elsewhere. In a skill advertised for organization management, this broad capability enables access to unreviewed endpoints and potentially destructive operations beyond the expected scope.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation condition 'use when the user wants to interact with FunnelCockpit data' is overly broad and may cause the skill to be selected for many unrelated or overly privileged tasks. Over-broad routing increases the chance that the agent uses this integration when a narrower, safer tool or a clarification step would be more appropriate.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation prominently exposes delete actions for email and CRM contacts without requiring confirmation or warning about irreversible effects. In an agentic context, that omission raises the risk of accidental destructive operations, especially if an LLM selects actions based on natural-language intent.

VirusTotal

65/65 vendors flagged this skill as clean.
