Mx Technologies

Security checks across malware telemetry and agentic risk

Overview

This skill is transparently for MX financial-data access, but it gives agents broad authenticated proxy-request ability without enough explicit guardrails.

Review this before installing if you will connect real MX or financial accounts. Use pre-built Membrane actions first, authorize only the account and task you intend, avoid broad proxy calls unless you explicitly need them, and be especially careful with requests that modify or delete data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly enables raw proxy requests to MX Technologies endpoints, which can expose or manipulate highly sensitive financial-account and transaction data. While this appears intended as legitimate integration guidance, the absence of an explicit warning, consent boundary, or data-minimization guidance makes misuse more likely in a high-sensitivity context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal