Phantombuster

Security checks across malware telemetry and agentic risk

Overview

This Phantombuster skill appears legitimate, but it lets an agent change and run automations through an authenticated account without clear approval safeguards.

Install only if you trust Membrane and intend to let an agent operate your Phantombuster account. Require explicit approval before script changes, agent launches or aborts, and raw proxy API calls; consider pinning the CLI version and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill documents both state-changing actions and raw proxied API requests without any guardrails around confirmation, scope validation, or destructive-operation warnings. In an agent setting, this can enable unintended launches, aborts, script changes, or direct API mutations if the model acts on ambiguous or adversarial prompts.

VirusTotal

65/65 vendors flagged this skill as clean.
