One AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real One AI integration, but it gives broad authenticated API access with limited scoping or confirmation guidance.

Install only if you intend to let the agent operate against your One AI account through Membrane. Use the least-privileged account or tenant available, prefer discovered pre-built actions, and require explicit approval before any raw proxy request or any POST, PUT, PATCH, or DELETE operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
89% confidence
Finding
The skill metadata narrows the purpose to managing Organizations and Users, but the body documents broader One AI resources and generic interaction patterns. This scope mismatch can mislead users or policy layers into granting or invoking capabilities beyond what the manifest suggests, increasing the chance of unintended access or unsafe automation.

Context-Inappropriate Capability

Medium
95% confidence
Finding
Documenting arbitrary proxy requests enables the agent to reach any One AI API endpoint through an authenticated connection, which is materially broader than the stated skill purpose. In practice, this bypasses the safety benefit of constrained pre-built actions and can enable unauthorized data access, mutation, or destructive calls if the agent is prompted to use the proxy loosely.

VirusTotal

65/65 vendors flagged this skill as clean.
