Manifestly Checklists

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Manifestly Checklists integration, with a disclosed raw API proxy that users should treat carefully for write or delete actions.

Install this only if you want an agent to operate your Manifestly account through Membrane. Prefer discovered/prebuilt actions, and require the agent to summarize and get approval before creating, updating, or deleting Manifestly data via raw proxy requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents raw proxy requests with support for POST, PUT, PATCH, and DELETE but does not require confirmation or warn that these operations can modify or delete external data. In an agent setting, this increases the risk that the agent performs destructive actions against a live Manifestly account based on ambiguous prompts or incorrect parameter construction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal