Status Hero

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Status Hero integration that uses Membrane for disclosed authentication and API access, with no evidence of hidden or malicious behavior.

Install this only if you want an agent to access Status Hero through Membrane. Review action IDs, API paths, request bodies, and any create/update/delete operation before execution, and avoid sending sensitive status details unless they belong in Status Hero.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to send direct proxy requests to the external Status Hero API, but it does not require a user-facing confirmation or warning that data may leave the local/system boundary. In an agent setting, this can cause sensitive prompts, identifiers, or business data to be transmitted off-system without sufficiently informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.
