Mindspun
Security checks across malware telemetry and agentic risk
Overview
The skill is a coherent Mindspun integration, but it gives the agent broad authenticated power to run raw API requests, including changes and deletes, without clear approval boundaries.
Install only if you are comfortable connecting Mindspun through Membrane and letting the agent make authenticated API calls. Prefer predefined Membrane actions, ask the agent to show the exact endpoint, method, parameters, and expected effect before any POST, PUT, PATCH, or DELETE request, and use a least-privileged account or revoke the connection when finished.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
