Back to skill

Security audit

Memberstack

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Memberstack connector that can read and change member data through OOMOL, with explicit confirmation required before writes or deletion.

Install this only if you want Codex to manage Memberstack through your OOMOL-connected account. Review any proposed create, update, plan-change, or delete payload carefully before approving it, because those actions can change or permanently remove member data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The phrase 'Use this skill for ANY Memberstack request' creates an overly broad trigger condition that can cause the agent to invoke this skill for incidental mentions, ambiguous requests, or cases where direct reasoning would be safer. In a write-capable skill that can create, update, and delete Memberstack data, accidental invocation increases the chance of unnecessary data access or unintended state-changing operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.