Whereby

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Whereby integration that uses Membrane for authentication and API access, with no hidden scripts or artifact-backed malicious behavior.

Install this only if you are comfortable using Membrane as the delegated connection layer for your Whereby account. Prefer discovered Membrane actions, review action inputs carefully, and require explicit confirmation before creating, updating, deleting, or sending raw proxy API requests against live Whereby data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly documents raw proxy requests with mutating HTTP methods like POST, PUT, PATCH, and DELETE, but does not warn that these operations can modify or destroy external data. In an agent setting, this increases the risk that the model performs destructive actions against a live Whereby account without clear user confirmation or guardrails.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal