Holistics

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal Holistics integration, but it documents raw API proxy calls that can change or delete live business data without clear safety boundaries.

Install only if you are comfortable granting the agent Holistics access through Membrane. Prefer listed/vetted actions first, and require explicit user confirmation before any POST, PUT, PATCH, or DELETE proxy request, especially actions that create, update, publish, or delete dashboards, reports, models, users, or other business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly documents use of direct proxy requests with arbitrary HTTP methods including POST, PUT, PATCH, and DELETE, but provides no guardrails around confirmation, read-only preference, or destructive operations. In an agent context, this increases the chance that the model performs state-changing or irreversible actions against Holistics APIs without adequate user awareness or validation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal