Pdffiller

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real PdfFiller integration, but it gives an agent broad authenticated read/write API access without clear guardrails for destructive actions.

Install only if you intend to let an agent operate on your PdfFiller account through Membrane. If you do: connect only the intended account; review the OAuth permissions; prefer discovered, scoped actions over raw proxy calls; require explicit confirmation before any POST, PUT, PATCH or DELETE and before any sharing, role, team or bulk change; and consider pinning the Membrane CLI version instead of installing @latest globally.
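The confirmation rule above can be enforced mechanically rather than left to the agent's judgement. The following is an added example, not Membrane's or PdfFiller's code: a small policy layer that classifies each call an agent proposes (allow reads, require confirmation for every mutating method and for anything touching sharing, roles, teams or bulk endpoints, deny unknown methods) and logs every proposal, executed or not. The path patterns, the "ids" body field and the send/confirm callbacks are assumptions, since the real PdfFiller routes are not documented on this page.

```python
"""Confirmation gate for agent-issued PdfFiller API calls.

Hypothetical policy layer, not Membrane's or PdfFiller's code: the path
patterns, the request shape and the send/confirm callbacks are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed path fragments for the sharing, role, team and bulk endpoints the
# overview singles out; the real PdfFiller routes are not documented here.
SENSITIVE_PATHS = [
    (re.compile(r"/shar(e|ing)", re.I), "sharing change"),
    (re.compile(r"/roles?", re.I), "role change"),
    (re.compile(r"/teams?", re.I), "team change"),
    (re.compile(r"/bulk", re.I), "bulk change"),
]


@dataclass
class Decision:
    action: str                                  # "allow", "confirm" or "deny"
    reasons: list = field(default_factory=list)  # why confirmation is needed


def classify_request(method: str, path: str, body: Optional[dict] = None,
                     via_raw_proxy: bool = False) -> Decision:
    """Decide whether a proposed call may run unattended.

    Reads are allowed; every mutating method needs confirmation, and the
    reasons list records which of the overview's triggers applied.
    """
    method = method.upper()
    if method not in SAFE_METHODS | MUTATING_METHODS:
        return Decision("deny", [f"unsupported method {method}"])
    if method in SAFE_METHODS:
        return Decision("allow")
    reasons = [f"mutating method {method}"]
    for pattern, label in SENSITIVE_PATHS:
        if pattern.search(path):
            reasons.append(label)
    # A body addressing several resource ids is a bulk change even when the
    # path does not say so (assumed "ids" field).
    ids = body.get("ids") if body else None
    if isinstance(ids, list) and len(ids) > 1:
        reasons.append(f"bulk change ({len(ids)} ids)")
    if via_raw_proxy:
        reasons.append("raw proxy call bypasses discovered scoped actions")
    return Decision("confirm", reasons)


def guarded_call(method: str, path: str, body: Optional[dict] = None, *,
                 via_raw_proxy: bool = False,
                 confirm: Callable[[Decision], bool],
                 send: Callable[[str, str, Optional[dict]], dict],
                 audit: list) -> Optional[dict]:
    """Run the call only if the policy allows it or a human confirms it.

    Every proposal is appended to `audit`, including refused ones, so the
    agent's attempts can be reviewed afterwards.
    """
    decision = classify_request(method, path, body, via_raw_proxy)
    entry = {"method": method.upper(), "path": path,
             "decision": decision.action, "reasons": decision.reasons,
             "executed": False}
    audit.append(entry)
    if decision.action == "deny":
        return None
    if decision.action == "confirm" and not confirm(decision):
        return None
    entry["executed"] = True
    return send(method.upper(), path, body)


if __name__ == "__main__":
    log: list = []

    def fake_send(m, p, b):  # stands in for the real proxy call
        return {"status": 200, "method": m, "path": p}

    def ask(d):  # interactive confirmation at the terminal
        return input(f"Confirm {d.reasons}? [y/N] ").lower() == "y"

    print(guarded_call("GET", "/v1/documents", confirm=ask, send=fake_send, audit=log))
    print(guarded_call("DELETE", "/v1/documents/42", confirm=ask, send=fake_send, audit=log))
    for entry in log:
        print(entry)
```

The gate is deliberately placed between the agent and the transport: the agent can still discover and propose any action, but nothing mutating reaches PdfFiller without a decision recorded in the audit list and, where required, a human saying yes.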

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The skill metadata frames the capability as "Manage Accounts" and generic PdfFiller interaction, but the body documents a much broader operational surface, including arbitrary action discovery and raw proxied HTTP requests with full method support including DELETE, PATCH, and POST. This mismatch can cause an orchestrating agent or user to grant or invoke the skill under the assumption of limited scope, while the actual instructions enable far wider and potentially destructive access to documents, teams, users, folders, and other resources.
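The finding reduces to a comparison between what the metadata declares and what the body enables. The following is an added example, not SkillSpector's scanner: a heuristic that extracts the HTTP methods, resource nouns and open-access phrases from a skill's body and flags anything the metadata does not declare. The sample skill text is constructed to resemble the finding, not copied from the real skill, and the resource vocabulary, write-verb list and marker phrases are assumptions.

```python
"""Description-behavior mismatch check for a skill document.

Added example, not SkillSpector's scanner: the skill text below is a
constructed sample modelled on the finding, and the resource vocabulary,
write verbs and marker phrases are assumptions.
"""
import re
from dataclasses import dataclass

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
# Verbs that explicitly declare write or destructive intent. A vague verb such
# as "manage" is deliberately not counted as declaring DELETE access.
WRITE_VERBS = {"create", "update", "delete", "modify", "write", "remove"}
# Resource nouns to compare; a hypothetical vocabulary, not PdfFiller's schema.
RESOURCES = {"account", "document", "folder", "team", "user", "template", "form"}
# Phrases that indicate open-ended or proxied access rather than fixed actions.
RAW_ACCESS_MARKERS = ("raw proxy", "proxied", "arbitrary", "any endpoint", "discover")


@dataclass
class Mismatch:
    kind: str    # "undeclared_resources", "undeclared_write" or "raw_access"
    detail: str


def words(text: str) -> set:
    return set(re.findall(r"[a-z]+", text.lower()))


def mentioned_resources(text: str) -> set:
    """Resource nouns named in the text, normalised to singular form."""
    return {w[:-1] if w.endswith("s") else w for w in words(text)} & RESOURCES


def mentioned_methods(text: str) -> set:
    return set(re.findall(r"\b(GET|POST|PUT|PATCH|DELETE)\b", text))


def check_skill(metadata: str, body: str) -> list:
    """Compare what the metadata declares with what the body enables."""
    findings = []
    extra = mentioned_resources(body) - mentioned_resources(metadata)
    if extra:
        findings.append(Mismatch("undeclared_resources", ", ".join(sorted(extra))))
    writes = mentioned_methods(body) & MUTATING
    if writes and not (words(metadata) & WRITE_VERBS):
        findings.append(Mismatch("undeclared_write", ", ".join(sorted(writes))))
    markers = [m for m in RAW_ACCESS_MARKERS if m in body.lower()]
    if markers:
        findings.append(Mismatch("raw_access", ", ".join(markers)))
    return findings


# Constructed sample skill shaped like the finding describes; not the real skill text.
SAMPLE_METADATA = "Manage Accounts. Generic PdfFiller interaction."
SAMPLE_BODY = (
    "Discover the available actions, then send any request through the raw proxy "
    "with GET, POST, PUT, PATCH or DELETE. Covers documents, folders, users, "
    "teams and templates."
)

if __name__ == "__main__":
    for f in check_skill(SAMPLE_METADATA, SAMPLE_BODY):
        print(f"{f.kind}: {f.detail}")
```

Run against the constructed sample, the check reports five resource types the metadata never mentions, four mutating methods with no write verb to justify them, and two open-access markers; a skill whose metadata says "Update documents" and whose body only documents DELETE on documents produces no finding, because the declared scope covers the behaviour.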

VirusTotal

65/65 vendors flagged this skill as clean.
