Basecamp Automation

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Basecamp automation helper, but it can make real project and membership changes through a connected Basecamp account.

Install only if you trust the Rube MCP provider and the connected Basecamp account. Before running write actions, confirm the target project, message content, assignees, recipients, and any users being added to or removed from project access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly supports granting and revoking project access and creating new users, but it does not require a confirmation step, authorization check, or a warning that these actions change permissions and may invite external people. In an agent setting, that omission can lead to unintended privilege changes, user invitations, or removal of legitimate members if the model misinterprets a request or is prompted ambiguously.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal