Integromat

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Integromat/Make integration, but it gives an agent broad authenticated control over workflow data and API calls without clear write/delete guardrails.

Review before installing. Use a limited Integromat/Make account or workspace, prefer listed Membrane actions over raw proxy requests, require explicit approval before POST/PUT/PATCH/DELETE operations, and revoke the Membrane connection when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation description is broad enough to match many generic requests about managing data, records, or automation workflows, which can cause the skill to be invoked outside a narrowly intended Integromat/Make context. Over-broad routing increases the chance an agent will select this skill for unrelated tasks and then initiate external connections or actions with unnecessary access to third-party systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal