Mboum

Security checks across malware telemetry and agentic risk

Overview

This Mboum skill needs review because its purpose is unclear while it can use a connected Membrane account to read, change, or delete Mboum data.

Install only if you trust Membrane and are comfortable connecting the chosen Mboum account. Before allowing changes, ask the agent to list available actions and confirm the exact records and operation; avoid raw proxy requests unless you approve the endpoint and method, especially POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill documentation inconsistently describes Mboum as both a CRM-style system and a medical system handling patients, practitioners, and appointments. This can mislead an agent into treating non-medical data as healthcare data or vice versa, causing incorrect API use, unsafe data handling assumptions, and inappropriate processing of potentially sensitive information.

VirusTotal

65/65 vendors flagged this skill as clean.
