Native Monday
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward read-only Monday.com helper that uses your Monday API token to show boards, items, workspaces, and users.
Install only if you are comfortable letting the agent read Monday.com data available to your MONDAY_API_TOKEN, including board contents and user emails. Prefer a least-privileged token and avoid running broad listings in sensitive workspaces unless the output is appropriate to share in the agent session.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.