Edusign

Security checks across malware telemetry and agentic risk

Overview

This Edusign skill is coherent, but it deserves review because it gives an agent broad authenticated access to sensitive education records and account-changing API calls.

Install only if you are comfortable letting an agent use a Membrane-connected Edusign account. Use the least-privileged Edusign account available, verify or pin the Membrane CLI version, and manually approve the exact action, endpoint, HTTP method, and payload before any create, update, delete, or bulk operation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill advertises management of Edusign entities through named operations, but later exposes a generic proxy mechanism that can issue arbitrary authenticated API requests. That mismatch can cause an agent or user to underestimate the breadth of capability, enabling access to endpoints or data beyond the apparent curated scope and weakening safety review and permission expectations.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal