Paykickstart

Security checks across malware telemetry and agentic risk

Overview

This PayKickstart skill is a legitimate integration, but it gives an agent broad authenticated business-account access with weak scoping and no clear approval rules for changes or raw API calls.

Review before installing. Use a least-privileged PayKickstart account where possible, verify the Membrane connection permissions, and require explicit approval before the agent creates, updates, deletes, or directly proxies requests involving customers, orders, subscriptions, campaigns, webhooks, affiliates, or other business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The manifest says the skill is for managing Campaigns, but the body documents broad access to many PayKickstart resource types plus arbitrary proxy requests. This mismatch can cause the skill to be invoked under a narrower expectation than its actual capability set, increasing the chance of overbroad access and unintended sensitive operations.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The invocation text is broad enough that many generic PayKickstart-related user requests could trigger this skill, even when the user did not intend broad account interaction. In a skill that can enumerate actions and issue direct proxied API requests, loose routing increases the risk of unnecessary data exposure or unintended modifications.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal