Swagup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SwagUp/Membrane integration, but it gives broad authenticated access to a connected account without clear approval guardrails.

Install only if you intend to connect a SwagUp account through Membrane. Before allowing changes, require the agent to show the exact action or endpoint, HTTP method, and request body, and explicitly approve any create, update, or delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding:
The manifest description claims CRM-style capabilities such as managing Persons, Organizations, Deals, and Leads, while the rest of the skill documents SwagUp entities like shipments, orders, templates, and warehouses. This mismatch can cause the agent to invoke the skill for unrelated tasks, leading to inappropriate data access attempts, incorrect actions, or user confusion about the scope of the integration.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The activation text is broad enough that an agent may select this skill for many generic requests involving SwagUp data, without clear constraints on what operations are intended or safe. Over-broad routing increases the chance of unintended external actions or unnecessary exposure of connected account data when a narrower tool or no tool should have been used.

VirusTotal

65/65 vendors flagged this skill as clean.
