Branch

Security checks across malware telemetry and agentic risk

Overview

This Branch skill is not clearly malicious, but it needs review because it mixes Branch.io setup with broad workforce, payroll, payment, API-key, import/export, and raw API authority.

Install only if you know which Branch product/account this will connect to. Before use, inspect the available Membrane actions and require explicit approval for payments, invoices, payroll or employee data, API keys, imports, exports, deletes, or other account-changing requests. Consider pinning or verifying the Membrane CLI package and revoke the Membrane connection when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly enables arbitrary direct API access through the Membrane proxy but does not clearly instruct the agent to obtain user confirmation before performing state-changing or sensitive requests. In a powerful HR/workforce context containing users, payroll, files, audit logs, API keys, and imports/exports, this omission can lead to overbroad data access or unintended modifications without sufficiently explicit user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal