Griffin
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate Griffin integration, but it grants broad authenticated ability to run actions and direct API requests that could change or delete business records without clear approval limits.
Install only if you trust Membrane as an intermediary for Griffin data. Use the least-privilege Griffin account available, review the Membrane connection and scopes, and require explicit confirmation before record updates, deletes, bulk actions, or workflow automation changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.