Magnetic

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Magnetic/Membrane integration, but it grants broad authenticated CRM/API control with unclear boundaries and some inconsistent service documentation.

Install only if you trust Membrane and intend to give the agent authenticated access to Magnetic data. Use the least-privileged Magnetic account available, verify the target domain before connecting, and require explicit approval before any create, update, delete, or raw proxy API request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The skill is presented as a narrowly scoped Magnetic integration, but the instructions enable broad connection management and arbitrary proxied API requests. That mismatch weakens least-privilege expectations and could let an agent perform actions outside the user’s understood intent or outside Magnetic-specific workflows.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The skill claims to target Magnetic CRM functionality, but the described resource model and referenced domain appear inconsistent with that product and instead resemble an unrelated file/workspace system. This inconsistency is dangerous because it can mislead an agent into connecting to or operating on the wrong service, causing unauthorized access, data exposure, or unintended actions in a different application.

VirusTotal

64/64 vendors flagged this skill as clean.