Yoprint

Security checks across malware telemetry and agentic risk

Overview

This is a coherent YoPrint integration, but it gives an agent broad authenticated ability to change or delete live business records without clear confirmation safeguards.

Install only if you trust Membrane and intend to let an agent operate on your YoPrint account. Use the least-privileged YoPrint account available, prefer discovered Membrane actions over raw proxy requests, and require explicit human confirmation before any create, update, delete, bulk, invoice, order, user, or settings change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly documents a generic proxy request mechanism supporting POST, PUT, PATCH, and DELETE without emphasizing confirmation or safeguards for state-changing operations. In an agent setting, this can normalize direct arbitrary API access and increase the chance of unintended modification or deletion of YoPrint records if the model chooses proxy calls over safer scoped actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal