Upviral

Security checks across malware telemetry and agentic risk

Overview

This UpViral helper is coherent, but it gives agents broad authenticated API access that could change or delete live marketing and account data without clear safeguards.

Install only if you trust the publisher and are comfortable letting an agent operate an authenticated UpViral account through Membrane. Prefer listed Membrane actions first, require explicit approval before any POST, PUT, PATCH, or DELETE request, and avoid sending unnecessary personal, customer, billing, team, security, or GDPR-related data through the raw proxy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly encourages direct proxy requests to the UpViral API but does not warn that request paths, query parameters, headers, and bodies may contain sensitive user or system data that will be transmitted to a third-party service. In an agent setting, this omission increases the risk of unintended data exfiltration, especially if an agent constructs requests from conversational context or internal state without explicit user confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal