Back to skill

Security audit

Basecamp Automation

Security checks across malware telemetry and agentic risk

Overview

The skill appears legitimate for Basecamp automation, but it gives an agent authority to publish/update project content and change project access without clearly requiring a final user confirmation.

Install only if you are comfortable letting the agent act with the connected Basecamp account's permissions. Before using it for posts, edits, invitations, removals, or user creation, require the agent to show the exact target project/message/users and wait for explicit approval before it calls the Basecamp tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes workflows to grant or revoke project access and create new users, but it does not require an explicit user confirmation or warning before performing those high-impact actions. In an agent setting, this increases the risk of unintended privilege changes, accidental removals, or unauthorized invitations if a prompt is ambiguous or manipulated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The message-management workflow allows creating and updating visible project content, including publishing new posts and overwriting existing message bodies, without a clear warning that these actions are externally visible and potentially destructive. This can lead to accidental publication, misinformation, or loss of existing content when an agent acts on incomplete or misinterpreted instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.