Sendinblue

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Sendinblue/Brevo integration, but it gives an agent broad authenticated power to change marketing data without explicit confirmation guardrails.

Install only if you trust Membrane and want an agent to operate your Sendinblue/Brevo account. Use a least-privileged connection where possible, review or pin the Membrane CLI instead of relying on @latest, and instruct the agent to ask before creating, updating, deleting, sending campaigns or SMS, or making bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill documents `action run` and raw proxy requests, including arbitrary HTTP methods like POST, PUT, PATCH, and DELETE, without requiring confirmation before state-changing operations. In an agent setting, this can lead to unintended modification or deletion of Sendinblue data if the model infers an action from ambiguous user intent or uses the proxy path directly.

VirusTotal

64/64 vendors flagged this skill as clean.
