Ottertext

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it mixes up which service it targets while granting broad authenticated API access, so it should be reviewed before use.

Before installing, verify that this is the exact service you intend to connect and that Membrane is connecting to the right domain. Use a least-privilege account, prefer discovered high-level actions over raw proxy requests, require explicit approval before sending messages or changing/deleting account data, and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill claims to manage OtterText records/data, but its documented capabilities target Otter.ai resources and also expose broad connection and proxy behaviors. This mismatch can cause the agent or user to authorize and operate on the wrong external service, increasing the chance of unintended data access or actions under false assumptions.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly documents arbitrary proxy access to API endpoints with mutating methods such as POST, PUT, PATCH, and DELETE. That grants a much broader operational surface than the stated purpose and can enable destructive or sensitive actions against the connected account without sufficient guardrails.

Vague Triggers

Medium
Confidence: 79%
Finding
The invocation description is very broad, so the skill may be selected for many loosely related requests involving OtterText data. In combination with the skill's expansive documented capabilities, over-broad routing increases the risk of the agent invoking this integration in contexts the user did not specifically intend.

Missing User Warnings

Medium
Confidence: 91%
Finding
The direct proxy request guidance describes arbitrary network requests to the external service but does not warn that these calls may perform sensitive reads or destructive writes. Without clear notice and confirmation requirements, an agent could execute broad external operations that exceed user expectations.

VirusTotal

65/65 vendors flagged this skill as clean.