Starshipit

Security checks across malware telemetry and agentic risk

Overview

This Starshipit skill is coherent, but it gives an agent broad authenticated power to change shipping business data without clear approval safeguards.

Review before installing. Use a least-privileged Starshipit/Membrane connection where possible, confirm every create, update, delete, manifest, and label-printing action immediately before execution, and avoid raw proxy requests unless you have reviewed the endpoint, HTTP method, and data being sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises destructive actions such as delete-order and delete-product alongside create and update operations without any guidance to require explicit confirmation or warn about irreversible effects. In an agentic environment, this increases the chance that a model will execute harmful state-changing operations from ambiguous prompts or misunderstood intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The proxy request section enables arbitrary authenticated API calls through Membrane but provides no warning about sending sensitive data, invoking unsupported endpoints, or performing unintended writes. This is more dangerous than curated actions because it bypasses safer abstractions and could let an agent exfiltrate data or trigger powerful API operations with broad account scope.

VirusTotal

64/64 vendors flagged this skill as clean.
