Dataddo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dataddo integration skill that uses Membrane CLI for authenticated Dataddo actions, with no evidence of hidden, destructive, or unrelated behavior.

Before installing, verify that you trust Membrane and the @membranehq/cli npm package, especially because the instructions recommend a global npm install and Membrane will handle Dataddo authentication. Use it only for Dataddo-related tasks and review any write, delete, or raw proxy request before allowing it to run.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The description is overly broad: 'Manage data, records, and automate workflows' could cause the skill to activate for many generic user requests unrelated to Dataddo specifically. Over-broad activation increases the chance the agent selects this skill in the wrong context, which can lead to unintended external actions or data access through an authenticated Dataddo connection.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal