Authbridge

Security checks across malware telemetry and agentic risk

Overview

This Authbridge skill is coherent, but it gives an agent broad authenticated access to sensitive identity-verification data, including raw write and delete API requests, without clear confirmation safeguards.

Install only if you intend to let the agent work with Authbridge records through Membrane. Use a least-privilege Authbridge account, review the Membrane connection permissions, avoid sending unnecessary personal or screening data, and require explicit approval before any raw proxy request or any POST, PUT, PATCH, or DELETE operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill encourages direct proxying to the Authbridge API without clearly warning that identity-verification and background-screening data may include highly sensitive personal information sent to an external service. In this context, omission of consent, data-minimization, and sensitivity warnings increases the risk of users or agents transmitting regulated personal data without adequate awareness or approval.

VirusTotal

65/65 vendors flagged this skill as clean.
