Nusii Proposals

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate Nusii Proposals integration, but it needs review because it exposes raw authenticated API requests that can change or delete business data without clear confirmation guidance.

Install only if you trust Membrane and are comfortable connecting a Nusii account. Use the least-privileged account available, prefer curated Membrane actions, and require the agent to restate the target resource and get explicit approval before creating, updating, deleting, or using raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly documents a generic proxy interface that supports POST, PUT, PATCH, and DELETE against the remote API without any warning about side effects, confirmation requirements, or safety boundaries. In an agent setting, this increases the risk of unintended modification or deletion of live proposal, client, or template data, especially when the model is following broad user instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
