Respondio

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Respond.io integration, but it needs Review because it gives an agent broad Respond.io API write/delete ability without clear confirmation safeguards.

Install only if you trust Membrane and need agent access to Respond.io. Use the least-privileged Respond.io account available, review the global CLI install, and require explicit approval before any create, edit, delete, broadcast, user/team, or raw proxy request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation description is broad enough that an agent may select this skill for generic requests involving organizations or external data interaction, even when the user did not specifically intend to access Respond.io. In a network-enabled skill with read/write capabilities, over-broad routing increases the chance of unintended external API access, data exposure, or mutations in the wrong system.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents a generic proxy mechanism for sending arbitrary requests to the Respond.io API, but it does not instruct the agent to obtain user confirmation before transmitting data or performing state-changing operations. This is risky because the proxy can be used for destructive or privacy-impacting actions outside the safer pre-built action layer, increasing the chance of silent data mutation or broad data exfiltration.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal