Bics

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real BICS/Membrane integration, but it gives broad authenticated power to change business data without clear approval safeguards.

Install only if you trust Membrane with the intended BICS account. Use the least-privileged BICS access available, prefer discovered Membrane actions over raw proxy requests, and require explicit approval before any create, update, delete, user, group, schedule, alert, or workflow change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The invocation text is broad enough that an agent may route many generic 'BICS/data/workflow' requests into this skill without clear scoping or user confirmation. In a skill that can enumerate actions and issue authenticated requests, over-broad triggering increases the chance of unintended access to enterprise data or execution of operations in the wrong context.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to use a generic proxy request capability that supports POST, PUT, PATCH, and DELETE, but it does not require confirmation, least-privilege constraints, or warn about state-changing effects. Because Membrane injects live authentication automatically, an agent following these instructions could modify or delete real BICS data with little friction if prompted ambiguously or incorrectly.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal