Nerve Kanban Bwm

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for a Kanban API, with clearly disclosed board-changing actions that users should treat carefully.

Install this only for Nerve boards you trust. Treat delete, execute, approve/reject, complete, and configuration changes as sensitive actions, and confirm that the Nerve server enforces authentication, authorization, and audit logging before letting agents use it on shared or production boards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises the ability to perform destructive and workflow-changing operations such as delete, execute, approve, reject, abort, and config updates without any cautionary guidance, confirmation expectations, or authorization notes. In an agent setting, this increases the chance that a model or user will invoke high-impact actions casually, leading to unintended task loss, workflow manipulation, or board-wide changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The quick reference prominently lists DELETE and configuration update endpoints alongside routine operations, but provides no warning that these can be irreversible or affect the entire board. This normalization of dangerous actions makes accidental misuse more likely, especially for autonomous agents interpreting the skill as permission to act directly.

VirusTotal

65/65 vendors flagged this skill as clean.
