Levity

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Levity integration, but it gives an agent broad authenticated request power that is not tightly limited to Levity or guarded for write operations.

Install only if you trust Membrane and want an agent to operate your Levity account. Prefer listed Membrane actions over raw proxy calls, and require explicit approval before any full-URL request, request body, custom header, or POST/PUT/PATCH/DELETE operation. Avoid shared machines unless you understand and can revoke the stored Membrane credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill explicitly allows passing a full URL to Membrane's proxy, which expands the integration from Levity-only operations to arbitrary outbound HTTP requests. In an agent context, this can enable SSRF-like behavior, access to unintended services, data exfiltration, or use of the skill as a general network pivot beyond the stated Levity scope.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation encourages direct API requests and lists state-changing methods like POST, PUT, PATCH, and DELETE without cautionary guidance or confirmation requirements. In an agent-driven workflow, this increases the chance of unintended destructive actions such as modifying pipelines, users, or other Levity resources without sufficient safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal