Shipamax
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Shipamax integration, but it gives an agent broad authenticated access to business records and raw API operations without clear guardrails.
Install only if you are comfortable letting an agent operate through a connected Shipamax account. Use the least-privileged Membrane/Shipamax connection available, revoke it when no longer needed, ask for explicit approval before create/update/delete/workflow/bulk/proxy operations, and consider pinning the Membrane CLI version instead of installing @latest.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.