Focalboard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Focalboard integration that uses Membrane for authenticated access, with normal caution because authorized actions can change workspace data.

Install only if you trust Membrane as the intermediary for your Focalboard workspace. Prefer discovered Membrane actions over raw proxy requests, connect the least-privileged workspace or account practical, and require explicit confirmation before creating, updating, bulk-editing, or deleting Focalboard data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill documents a generic proxy request capability that supports arbitrary HTTP methods, headers, query params, and raw bodies, but does not warn that this can modify or delete remote Focalboard data. In an agent context, exposing a flexible authenticated request primitive without explicit guardrails increases the chance of unintended destructive actions or overbroad API use.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal