Tinypng
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed TinyPNG integration that uses Membrane for authentication and API access, with no evidence of hidden or unrelated behavior.
Install this only if you trust Membrane and intend to connect TinyPNG through it. Review any direct proxy request before it runs, and approve mutating API calls only when they match the task you asked the agent to perform.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.